
Why do we use username and password in Healthcheck Monitor?

Sarovani
Cirrostratus

Hi Team,

We have an LDAP VIP, and we could see that the healthcheck monitor which is applied to the pool has username and password enabled and in use.

Why do we need to authenticate first before checking the services on the server?

When do we really need to enable the username/password option in monitoring?

2 REPLIES

If you want to make a monitor that just checks the service, then you can use a TCP monitor on the LDAP port; this is called a service check. The F5 LDAP monitor is an application monitor that checks the application itself, so not only does LDAP need to reply, but the reply is also checked to see if it is valid.

 

https://support.f5.com/csp/article/K17472

 

If your AD server supports anonymous searches by specific source IP addresses, you may create an external bash script monitor with the "ldapsearch" Linux command that will log into the LDAP without a password, but I do not recommend it.

https://support.f5.com/csp/article/K71282813

 

https://support.f5.com/csp/article/K15811

AubreyKingF5
Community Manager

WAY back, as a customer, I ran my LDAP through my BIG-IP 6400s. That is a feature that allows you to test authentication as a portion of your monitor. If the SLAPD manager password changes, or such, everything breaks... but that can also be a good thing. If someone has changed your SLAPD manager password w/out your awareness, you become aware VERY quickly! 🙂 Also, as noted by @Nikoolayy1, you do not NEED to do this with a TCP monitor. I just thought I'd expand on WHY you might want that: to test the protocol fully with a search in your monitor.
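
The difference the replies describe between a port check and an authenticated application check, as an added example that is not part of the thread or F5's own code: a shell script in the style of an external monitor that binds with a dedicated account and runs a base search through `ldapsearch`, reporting a rejected bind separately from an unreachable server. The bind DN, password file path, search base, and the argument and stdout conventions at the bottom are assumptions.

```shell
#!/bin/sh
# Added example: authenticated LDAP health probe (bind + base search).
# Hypothetical settings; use a dedicated read-only monitor account.
: "${BIND_DN:=cn=monitor,dc=example,dc=test}"
: "${BIND_PW_FILE:=/path/to/monitor.pw}"   # mode 0600; -y uses the whole file,
                                           # so it must not end in a newline
: "${SEARCH_BASE:=dc=example,dc=test}"

# ldapsearch exits with the LDAP result code of the failed operation,
# so the exit status tells us *why* the probe failed.
classify_ldap_rc() {
    case "$1" in
        0)  echo "up" ;;                        # bind and search both succeeded
        49) echo "down:bind-rejected" ;;        # invalidCredentials: port is open,
                                                # but the account no longer works
        32) echo "down:base-missing" ;;         # noSuchObject: bind ok, entry gone
        *)  echo "down:unreachable-or-error" ;; # no connection, timeout, other
    esac
}

# Probe one pool member and print the verdict.
ldap_health() {
    host=$1
    port=$2
    rc=0
    ldapsearch -x -LLL -H "ldap://${host}:${port}" \
        -D "$BIND_DN" -y "$BIND_PW_FILE" \
        -b "$SEARCH_BASE" -s base -l 5 -o nettimeout=5 \
        '(objectClass=*)' dn >/dev/null 2>&1 || rc=$?
    classify_ldap_rc "$rc"
}

# Monitor entry point (assumed convention: $1 = member IP, possibly with an
# "::ffff:" prefix, $2 = port; any stdout output means "healthy").
if [ "$#" -ge 2 ]; then
    verdict=$(ldap_health "${1#::ffff:}" "$2")
    if [ "$verdict" = "up" ]; then
        echo "up"
    fi
fi
```

A plain TCP monitor would report "up" in the `down:bind-rejected` case, which is exactly the situation the authenticated monitor is meant to surface.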