Forum Discussion

Nimbostratus

Nov 08, 2012

SSL Client certificate LDAP authentication

I'd like to configure the BIG-IP LTM to authenticate some clients using LDAP authentication. That Clients have a SSL client certificate. This certificate is made from private CA on OpenSSL. ...

config

design

Kevin_Stewart

Employee

Nov 12, 2012

If you're seeing an LDAP query then you've made it past the SSL handshake. In your capture, you should see the successful bind, then the request (query), and a response. The response should show a returned value for the given query, not just success(0). If the LDAP query doesn't return a value, ACA shuts down the connection.

The certificate LDAP mechanism in ACA is wired to extract and match the certificate CN to the LDAP/AD attribute that you specify.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SSL Client certificate LDAP authentication

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

BIG-IQ Client Certificate (PKI) Authentication

SSL Profiles Part 8: Client Authentication

Automating Certificate Management on F5 BIG-IP

APM Clientless certificate authentication

Client Authentication with certificate on one URI only

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS