Forum Discussion
epaalx
Mar 10, 2020
LDAPS for remote authentication, without certificate validation
Hi Experts,
Our BIG-IP vCMP Host and Guest are using LDAP for administrative access authentication and I need to change to LDAPS. I don't want LDAP Server certificate validation because Active Directory administrators are likely to change this certificate (and its CA) without notice.
In "ldap system-auth" I see the parameters "ssl" and "port", which are obvious, but am unsure about "ssl-check-peer" and "ssl-ca-cert-file".
Is it enough to set "ssl-client-cert" to 'disabled' and leave "ssl-ca-cert-file" as 'none' to disable LDAP server certification validation whilst still enabling LDAPS?
R's, Alex
1 Reply
Hi Alex,
Yes, it is. With ssl-peer-check disable, the BIG-IPs won't verify the LDAPS server certificate.
Cheers,
Kees