LDAPS for remote authentication, without certificate validation

epaalx

Hi Experts,

Our BIG-IP vCMP Host and Guest are using LDAP for administrative access authentication and I need to change to LDAPS. I don't want LDAP Server certificate validation because Active Directory administrators are likely to change this certificate (and its CA) without notice.

In "ldap system-auth" I see the parameters "ssl" and "port", which are obvious, but am unsure about "ssl-check-peer" and "ssl-ca-cert-file".

Is it enough to set "ssl-client-cert" to 'disabled' and leave "ssl-ca-cert-file" as 'none' to disable LDAP server certification validation whilst still enabling LDAPS?

R's, Alex

1 REPLY

Hi Alex,

Yes it is. With ssl-peer-check disabled, the BIG-IPs won't verify the LDAPS server certificate.

Cheers,

Kees
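
A configuration audit for the setting discussed in this thread, as an added example that is not code from the thread or from F5. It reads an "auth ldap system-auth" stanza and reports whether the LDAP server certificate is checked; the stanza layout, the sample values and the CA path are constructed assumptions, and a missing ssl-check-peer key is treated as not enabled.

```python
# Audit a BIG-IP "auth ldap system-auth" stanza for LDAPS peer validation.
# The stanza text is a constructed sample; its brace-delimited "key value"
# layout is an assumption about what the device prints.
import re

# Constructed sample: LDAPS enabled, server certificate not validated.
SAMPLE_UNVERIFIED = """\
auth ldap system-auth {
    port 636
    ssl enabled
    ssl-ca-cert-file none
    ssl-check-peer disabled
    ssl-client-cert none
}
"""

# Constructed sample: same stanza with validation on (hypothetical CA path).
SAMPLE_VERIFIED = SAMPLE_UNVERIFIED.replace(
    "ssl-check-peer disabled", "ssl-check-peer enabled"
).replace("ssl-ca-cert-file none", "ssl-ca-cert-file /example/ad-root-ca.crt")


def parse_stanza(text):
    """Return the key/value pairs found between the stanza's braces."""
    body = re.search(r"\{(.*)\}", text, re.S)
    if body is None:
        raise ValueError("no stanza body found")
    settings = {}
    for line in body.group(1).splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings[parts[0]] = parts[1].strip()
    return settings


def audit_ldaps(text):
    """Classify how the stanza treats the LDAP server's certificate."""
    s = parse_stanza(text)
    if s.get("ssl", "disabled") == "disabled":
        return "cleartext: LDAP without TLS"
    if s.get("ssl-check-peer", "disabled") != "enabled":
        return "unverified: TLS on, server certificate not checked"
    if s.get("ssl-ca-cert-file", "none") == "none":
        return "review: peer check on but no CA file set"
    return "verified: TLS on, server certificate checked against CA file"

if __name__ == "__main__":
    for name, stanza in (("before", SAMPLE_UNVERIFIED), ("after", SAMPLE_VERIFIED)):
        print(name, "->", audit_ldaps(stanza))
```

Run against saved configuration text from each vCMP host and guest, the "unverified" result marks devices where the TLS session to the directory is encrypted but the server's identity is not confirmed.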