Forum Discussion
bluepet_10591
Sep 09, 2010 Altostratus
Doug,
Sorry for crashing into your topic; hopefully I can try to work it out within this topic, as it's similar if not the same as what I am trying to implement. Maybe we can try to work them out together.
The client sends a request to ldap://server.mydomain.com:1234 --> F5, and then the F5 sends it to an internal LDAP - ldap1.dmz.com
My setup (still a work in progress) - virtual server with the following profiles
1. client ssl profile with a certificate & key using server.mydomain.com cert
2. server ssl profile with a self-signed cert from ldap1.dmz.com - certificate = self-signed ldap1.dmz.com, key = none, rest = default
I believe for my setup, I have to do it on the LTM, maybe by using an iRule to take the string ldap://server.mydomain.com 1000 and convert it to ldap://ldap1.dmz.com 40000
Still trying to figure that out or am I going down the wrong road?
How did you set yours up, Doug? Is it similar?
I used an LDAP client to test it out and can see the SSL terminating at the F5 (Wireshark), and it looks like it is trying to talk to the back-end LDAP, but it didn't progress further than shown below.
ld = ldap_sslinit("server.mydomain.com", 1000, 1);
Error 0 = ldap_set_option(hLdap, LDAP_OPT_PROTOCOL_VERSION, 3);
Error 0 = ldap_connect(hLdap, NULL);
Error 0 = ldap_get_option(hLdap,LDAP_OPT_SSL,(void*)&lv);
Host supports SSL, SSL cipher strength = 128 bits
Established connection to server.mydomain.com
Retrieving base DSA information... --> just stuck here