09-Mar-2020 23:45
Hi Experts,
Our BIG-IP vCMP Host and Guest are using LDAP for administrative access authentication and I need to change to LDAPS. I don't want LDAP Server certificate validation because Active Directory administrators are likely to change this certificate (and its CA) without notice.
In "ldap system-auth" I see the parameters "ssl" and "port", which are obvious, but am unsure about "ssl-check-peer" and "ssl-ca-cert-file".
Is it enough to set "ssl-client-cert" to 'disabled' and leave "ssl-ca-cert-file" as 'none' to disable LDAP server certification validation whilst still enabling LDAPS?
R's, Alex
15-Mar-2020 03:48
Hi Alex,
Yes, it is. With ssl-peer-check disabled, the BIG-IPs won't verify the LDAPS server certificate.
Cheers,
Kees