Forum Discussion

BoMTrue
Sep 16, 2019

Enabling LDAPS through the BIG-IP

I've found quite a few articles that give a how-to but none of them seem to be working for me. I can get LDAP to work but switching it to use SSL on port 636 or 3269 does not work and I cannot figure out why.

I've created an Access Policy by adding the AAA server to LDAP there and used the iApps f5.ldap template. The iApps template gave me the most success with letting me use LDP to use a virtual server IP to connect to LDAP unencrypted on port 389 or 3268.

I don't know if it's something obvious I'm missing or if it's just not possible.

Could it be something with the certificate? I've tried using the F5's recommended profile when it builds the iApp and I've tried creating my own profile with the cert from the server I'm trying to put behind the F5 as a virtual server.

I am no whiz kid on this thing. The SME really has no clue; I'm just the guy who creates a virtual server when a new site or service comes online and needs to be load balanced or I create simple redirects with iRules.

I see there's Client LDAP and Server LDAP options for Services Profiles and even some iRules mentioning LDAP but I'm frustrated and just want it to work so everyone who makes a lot more than me and does less work than me can continue doing whatever it is they do so I can continue doing whatever it is I do. The main goal, if possible, is to have customers use an app at a specified virtual server IP which has been tested and confirmed working, internally at least. These external customers will have to authenticate via the LDAP server securely, get confirmation that they're in a specified group to continue, then they can use the app to do whatever the app does. Tested and works unencrypted, which we don't want for reasons.

If it helps, I'm on version 12.1.2 of the BIG-IP software. We are upgrading but this is in one of those special environments that don't touch the interwebs.

I appreciate any help, guidance, and/or wisdom any of you can pass along.

1 Reply

  • Sajid

    I have a similar setup in place and working without any problem.

    Running the same version 12.1.2, using the f5.ldap iApp for deployment and a DigiCert certificate (maybe you have to check the certificate chain).
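
One way to run the certificate-chain check the reply suggests is to point `openssl s_client` at the LDAPS virtual server and summarise what it reports. This is an added example, not part of the original thread; the host name, CA bundle path and sample output are constructed.

```shell
#!/bin/sh
# Added example: summarise `openssl s_client` output for an LDAPS listener.
# Host names, file paths and the sample output below are constructed.

# Read s_client output on stdin; print chain length, verify code and verdict.
chain_report() {
    awk '
        /^Certificate chain/       { in_chain = 1; next }
        in_chain && /^---/         { in_chain = 0 }
        in_chain && /^ *[0-9]+ s:/ { certs++ }   # one "N s:<subject>" line per cert sent
        /Verify return code:/      { code = $4 }
        END {
            if (code == "")                    verdict = "no-verify-result"
            else if (code == 0)                verdict = "chain-ok"
            else if (code == 20 || code == 21) verdict = "missing-intermediate-or-untrusted-ca"
            else if (code == 18 || code == 19) verdict = "self-signed-or-untrusted-root"
            else if (code == 10)               verdict = "certificate-expired"
            else                               verdict = "other-verify-error"
            printf "certs=%d verify=%s verdict=%s\n", certs, (code == "" ? "none" : code), verdict
        }'
}

# Constructed sample: a listener that presents only its leaf certificate.
sample_leaf_only() {
    cat <<'EOF'
CONNECTED(00000003)
depth=0 CN = ldaps-vip.example.test
verify error:num=20:unable to get local issuer certificate
verify error:num=21:unable to verify the first certificate
---
Certificate chain
 0 s:CN = ldaps-vip.example.test
   i:C = US, O = Example CA, CN = Example Issuing CA
---
Server certificate
subject=CN = ldaps-vip.example.test
---
    Verify return code: 21 (unable to verify the first certificate)
EOF
}

# Live check (assumed usage): check_ldaps ldaps-vip.example.test:636 /path/to/ca-bundle.pem
check_ldaps() {
    openssl s_client -connect "$1" -CAfile "$2" -showcerts </dev/null 2>&1 | chain_report
}

sample_leaf_only | chain_report
```

A result of `certs=1` with `verify=21` means the listener sent only its leaf certificate and the client could not build a path to a CA in the bundle it was given.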