Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

LDAPS for remote authentication, without certificate validation

epaalx
Cirrus
Cirrus

‎09-Mar-2020 23:45

Hi Experts,

our BIG-IP vCMP Host and Guest are using LDAP for administrative access authentication and I need to change to LDAPS. I don't want LDAP Server certificate validation because Active Directory administrators are likely to change this certificate (and its CA) without notice.

In "ldap system-auth" I see parameter "ssl" and "port" which are obvious, but am unsure if about "ssl-check-peer" and "ssl-ca-cert-file".

Is it enough to set "ssl-client-cert" to 'disabled' and leave "ssl-ca-cert-file" as 'none' to disable LDAP server certification validation whilst still enabling LDAPS?

R's, Alex

Labels:
0 Kudos
1 REPLY 1

KeesvandenBos
MVP
MVP

‎15-Mar-2020 03:48

Hi Alex,

 

Yes it is. With ssl-peer-check disable the BIG-IP's won't verify the LDAPS server certificate.

 

Cheers,

 

Kees

0 Kudos
Copyright © 2022 Khoros, LLC