Forum Discussion

Terry_77423
Oct 14, 2016
Solved

LDAP vs Active Directory Authentication performance.

We are in the process of configuring Exchange Hybrid with Office 365, which requires some modifications to our F5 iApp. A concern that has arisen is a requirement for users to log in with different credentials than they are used to. Another post on DevCentral suggested changing the default authentication from AD to LDAP authentication and a search filter such as the following:

(|(sAMAccountName=%{session.logon.last.logonname})(mail=%{session.logon.last.logonname})
    (userPrincipalName=%{session.logon.last.logonname}))

This will allow the user to log in with sAMAccountName, email address, or userPrincipalName, as all of these values are different in our environment. An LDAP query is used to retrieve userPrincipalName, which is then presented to backend servers in SSO. I have tested, and it works for ActiveSync, OWA and Autodiscover.

My question is, due to the fact that I have changed from Kerberos to LDAP authentication, and this will be for all connection types for all users, should I worry about any negative performance impact from these changes?


1 Reply

  • Lucas_Thompson_
    Historic F5 Account

    APM uses the MIT Kerberos libraries for Kerberos and OpenLDAP for LDAP. Both of these can support many authentications per second.

    LDAP Query is usually faster than AD Query because it requires fewer network transactions.
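
The three-attribute search filter from the question, as an added example that is not from either poster or from F5: it builds the filter with RFC 4515 escaping of the logon name and accepts a lookup only when exactly one entry matches. The directory entries and the function names are constructed for illustration.

```python
# Added example: models the OR filter from the question. All data is constructed.
ATTRS = ("sAMAccountName", "mail", "userPrincipalName")

# RFC 4515 section 3: these characters must appear as \XX inside a filter value,
# otherwise a typed logon name could change the structure of the filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a user-supplied string for use as an LDAP filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(logon):
    """Build (|(sAMAccountName=..)(mail=..)(userPrincipalName=..)) for one logon name."""
    v = escape_filter_value(logon)
    return "(|" + "".join(f"({a}={v})" for a in ATTRS) + ")"


def resolve_upn(directory, logon):
    """Return the userPrincipalName to hand to SSO, or None unless exactly one entry matches.

    Uses a literal, case-insensitive equality match, which is what the escaped
    filter performs against these attributes.
    """
    needle = logon.casefold()
    hits = [e for e in directory
            if any(e.get(a, "").casefold() == needle for a in ATTRS)]
    return hits[0]["userPrincipalName"] if len(hits) == 1 else None


DIRECTORY = [  # constructed sample entries
    {"sAMAccountName": "jdoe", "mail": "john.doe@example.com",
     "userPrincipalName": "jdoe@corp.example.com"},
    {"sAMAccountName": "asmith", "mail": "alice@example.com",
     "userPrincipalName": "asmith@corp.example.com"},
    # mail is not forced to be unique, so it can collide with another user's UPN
    {"sAMAccountName": "helpdesk", "mail": "jdoe@corp.example.com",
     "userPrincipalName": "helpdesk@corp.example.com"},
]

if __name__ == "__main__":
    for name in ("jdoe", "john.doe@example.com", "jdoe@corp.example.com", "*"):
        print(name, "->", build_filter(name), "->", resolve_upn(DIRECTORY, name))
```

Because the filter ORs three attributes, a value that is one account's userPrincipalName and another account's mail matches both; rejecting anything other than a single match keeps the SSO identity unambiguous.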