Forum Discussion

thistuffjuice_3
Apr 19, 2018

Authentication Failures on APM - LDAP Module: Failed to bind with 'XXXX'. Can't contact LDAP server.

We are implementing APM on top of LTM, and using a simple APM Access-Policy (applied to a VS) that prompts the user for authentication and passes off the user's session variables to a backend Active Directory server using LDAP-S for authentication before permitting the user into the VIP and therefore the backend servers.

We are testing a specific application, and are seeing intermittent results in APM authentication results.

Either:

  • These are successful and hit the end of the APM Access-Policy flow.
  • Or they fail with the following error:

LDAP Module: Failed to bind with 'XXXX'. Can't contact LDAP server. (where XXXX is the DN account of the backend LDAP servers)

I tried to enable Debug level configuration for Access Policies, as well as Policy tracing, but cannot seem to gather more in-depth information.

The same APM policy is cloned across multiple other Virtual Servers and the applications seem to work OK. I can verify that there are no connectivity issues and have tried basic troubleshooting such as telnetting to the backend AD servers on destination ports etc.

All the documentation on F5 seems only related to troubleshooting LDAP-S when using it as an authentication method for BIG-IP administration and not for user-traffic passing through the BIG-IP.

Many thanks for help in advance.

1 Reply

  • Hi

    Are you using a Pool of servers or just a single host? If you are using a pool, is the error occurring with a specific member?

    Are you able to do a packet capture on the LDAP traffic at the time of a BIND failure to understand the problem more?

    Also, have you checked the logs on the AD server at the time of the Auth failure to see what is reported there?
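The reply's per-member check can be scripted from an admin host. The following is an added example (not part of this thread, and not F5 or APM code) that performs the same LDAPS simple bind the APM LDAP agent does, directly against each AD pool member, repeated several times, and tallies whether each attempt ended in a transport/TLS failure (the "Can't contact LDAP server" case) or in an LDAP resultCode. The BER encoder/decoder is hand-written so the script needs only the standard library; the hostnames, port 636 and the BIND_DN/BIND_PW environment variables are assumptions.

```python
import os
import socket
import ssl
from collections import Counter
# BER helpers: LDAP (RFC 4511) messages are ASN.1 BER encoded.
def ber(tag, payload):
    n = len(payload)
    if n < 128:
        return bytes([tag, n]) + payload
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")  # long-form length
    return bytes([tag, 0x80 | len(lb)]) + lb + payload
def read_tlv(buf, pos):
    tag, first = buf[pos], buf[pos + 1]
    if first & 0x80:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n
    else:
        length, pos = first, pos + 2
    return tag, buf[pos:pos + length], pos + length
def bind_request(msg_id, dn, password):
    # LDAPMessage{ messageID, [APPLICATION 0] BindRequest{ version 3, name, simple [0] } }
    body = ber(0x02, b"\x03") + ber(0x04, dn.encode()) + ber(0x80, password.encode())
    return ber(0x30, ber(0x02, bytes([msg_id])) + ber(0x60, body))
def parse_bind_response(data):
    # Returns (messageID, resultCode, diagnosticMessage); resultCode 0 means the bind succeeded.
    tag, msg, _ = read_tlv(data, 0)
    _, mid, pos = read_tlv(msg, 0)
    op_tag, op, _ = read_tlv(msg, pos)
    if tag != 0x30 or op_tag != 0x61:  # 0x61 = [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    _, code, pos = read_tlv(op, 0)
    _, _matched_dn, pos = read_tlv(op, pos)
    _, diag, _ = read_tlv(op, pos)
    return int.from_bytes(mid, "big"), code[0], diag.decode("utf-8", "replace")

def probe_bind(host, dn, password, port=636, timeout=5.0):
    # One LDAPS bind, as the APM agent would do it; any socket/TLS error is the "cannot contact" case.
    ctx = ssl.create_default_context()  # verifies the AD server certificate chain and hostname
    try:
        with socket.create_connection((host, port), timeout) as raw, ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(bind_request(1, dn, password))
            return "resultCode=%d" % parse_bind_response(tls.recv(4096))[1]
    except (OSError, ssl.SSLError, ValueError) as e:
        return "cannot contact: %s" % e

if __name__ == "__main__":
    members = ["dc1.example.internal", "dc2.example.internal"]  # constructed: replace with the pool members
    tally = Counter((h, probe_bind(h, os.environ["BIND_DN"], os.environ["BIND_PW"])) for h in members for _ in range(10))
    for (h, outcome), n in sorted(tally.items()):
        print(f"{h}: {n:2d}x {outcome}")
```

A member that shows "cannot contact" only some of the time, or a TLS error rather than an LDAP resultCode, narrows the problem to that host or its certificate, which is exactly what the packet capture suggested above would then confirm.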