30-May-2022 08:45 - edited 28-Mar-2023 08:58
Hello guys, today we are going to discuss the configuration of F5 BIG-IP remote authentication using Microsoft AD over LDAP and over LDAP over SSL (LDAPS).
First, the difference between AD and LDAP: AD (Active Directory) is the database holding the schema of information about a user that is used for authentication, whereas LDAP is the open-standard protocol used to access the information held in that database.
For this exercise we are using a Microsoft Windows Server 2012 R2 machine for ADDS (Active Directory Domain Services) and for ADCS (Active Directory Certificate Services), a Windows 7 Professional client from which we will access the BIG-IP, and the BIG-IP device itself, which is accessed through remote authentication.
What is important in the configuration of ADDS?
First, log in to the server and change the computer name accordingly:
Start --> Run --> Control Panel --> System and Security --> System --> Properties --> Computer Name
I have given the computer the name LDAPSTEST.
Now add the ADDS feature and the ADCS feature to the server.
Go to Server Manager --> Tools --> Active Directory Users and Forests.
Here ldapstest.com is the domain in the forest, and the same server is also acting as the domain controller.
I have created an organizational unit called engineering and created the users under it; my directory hierarchy looks like the one below.
We are done with the configuration on AD, and LDAP now listens on the non-SSL port 389.
To configure the BIG-IP
Host is the IP address of the server, Port is the non-SSL LDAP port, and Remote Directory Tree is the LDAP hierarchy on the server. How did I find that out?
It can easily be figured out using ldp.exe: open PowerShell on the server, type ldp.exe, and an LDP client opens.
Click Connection in the client, then Bind, select Simple bind, enter a user created in the AD organizational unit together with its password, and type the domain (in my case ldapstest.com).
Click OK. Once the credentials are authenticated in the LDP client, click View and then Tree and enter the Base DN (the distinguished name, which in our case is ldapstest.com); the hierarchy will be shown.
In my case I have created a user called lab in the engineering OU for the LDAP bind operation.
How the LDAP connection is established and authentication happens
The drawback of plain LDAP is that all communication between the BIG-IP and the LDAP server happens in clear text, just as we see in the screenshot above.
To overcome this we can use LDAP over SSL for the communication between the BIG-IP and the LDAP server, so that everything is encrypted inside a secured TLS session.
To get there, we use ADCS (Active Directory Certificate Services) to obtain the certificate.
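To make the clear-text problem concrete, here is an added example (not part of the original article and not F5 or Microsoft code) that builds the LDAP v3 simple BindRequest the BIG-IP sends for the lab user on port 389, parses it back the way a passive observer of the wire would, and then builds the TLS client context that LDAPS on port 636 puts around the same message. The DN, password and CA file name are constructed for the example; the BER encoding follows RFC 4511.

```python
"""Added example: LDAP simple bind in the clear vs. wrapped in TLS (LDAPS).
Constructed sample values; the bind DN and password are not from the article."""
import ssl


def ber_length(n: int) -> bytes:
    """BER definite length: short form below 128, long form (0x8N + N bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber(tag: int, payload: bytes) -> bytes:
    """One BER TLV: tag, length, value."""
    return bytes([tag]) + ber_length(len(payload)) + payload


def ber_integer(value: int) -> bytes:
    """Minimal two's-complement INTEGER (tag 0x02)."""
    length = max(1, (value.bit_length() + 8) // 8)
    return ber(0x02, value.to_bytes(length, "big", signed=True))


def bind_request(message_id: int, bind_dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }.
    RFC 4511: BindRequest is [APPLICATION 0] (0x60); simple auth is [0] (0x80)."""
    bind = ber(0x60, ber_integer(3)
               + ber(0x04, bind_dn.encode())
               + ber(0x80, password.encode()))
    return ber(0x30, ber_integer(message_id) + bind)


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, position after the TLV)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def parse_bind_request(pdu: bytes):
    """What anyone capturing port 389 recovers: (message id, version, bind DN, password)."""
    tag, body, _ = _read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, msgid, pos = _read_tlv(body, 0)
    tag, bind, _ = _read_tlv(body, pos)
    if tag != 0x60:
        raise ValueError("not a BindRequest")
    _, version, pos = _read_tlv(bind, 0)
    _, name, pos = _read_tlv(bind, pos)
    tag, auth, _ = _read_tlv(bind, pos)
    if tag != 0x80:
        raise ValueError("not a simple bind")
    return (int.from_bytes(msgid, "big", signed=True),
            int.from_bytes(version, "big", signed=True),
            name.decode(), auth.decode())


def ldaps_context(ca_file=None) -> ssl.SSLContext:
    """TLS client context for LDAPS (port 636): the DC certificate must chain to the
    ADCS CA (ca_file, assumed exported from ADCS) and match the server name, which
    is the equivalent of the BIG-IP's SSL CA certificate and check-peer settings."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


if __name__ == "__main__":
    pdu = bind_request(1, "cn=lab,ou=engineering,dc=ldapstest,dc=com", "Secret123")
    print("clear-text PDU:", pdu.hex())
    print("recovered from wire:", parse_bind_request(pdu))
    ctx = ldaps_context()  # pass the ADCS CA file here on a real deployment
    print("LDAPS context verifies peer:", ctx.verify_mode == ssl.CERT_REQUIRED)
```

Running the script prints the bind PDU and shows the DN and password recovered verbatim from the bytes; with LDAPS the same PDU is only ever written into a TLS record, and `ldaps_context` refuses a server whose certificate does not chain to the CA file you give it.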