LDAPS for remote authentication, without certificate validation

Question

Hi Experts,our BIG-IP vCMP Host and Guest are using LDAP for administrative access authentication and I need to change to LDAPS. I don't want LDAP Server certificate validation because Active Directory administrators are likely to change this certificate (and its CA) without notice.In "ldap system-auth" I see parameter "ssl" and "port" which are obvious, but am unsure if about "ssl-check-peer" and "ssl-ca-cert-file".Is it enough to set "ssl-client-cert" to 'disabled' and leave "ssl-ca-cert-file" as 'none' to disable LDAP server certification validation whilst still enabling LDAPS?R's, Alex

keesvandenbos · Answer

Hi Alex,&nbsp;Yes it is. With ssl-peer-check disable the BIG-IP's won't verify the LDAPS server certificate.&nbsp;Cheers,&nbsp;Kees

Forum Discussion

LDAPS for remote authentication, without certificate validation

1 Reply

Recent Discussions

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Enabling AVR and creating Profiles

Get associated pool name from VIP IP using F5-LTM

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

Related Content

POC: Validate JWT with iRule

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

APM Clientless certificate authentication

BIG-IQ Client Certificate (PKI) Authentication

Doing mTLS Authentication per URL