Forum Discussion
Kevin_Stewart
Feb 13, 2014Employee
Interesting. So does your LDAP configuration require something special to exist in the SSL? Normally LDAP is pretty flexible about the SSL layer. That said, there is a difference between LDAP and LDAPS besides the SSL layer. I'm assuming that if you point the client directly at the server and make an LDAPS call, it works. And if you disable both the client and server SSL profiles on the VIP (SSL pass through), then that too works with LDAPS. The reason why I make the distinction is because the following are not equivalent:
ldapsearch -H ldaps://server
ldapsearch -H ldap://server:636
Ldapsearch is a command line tool you can use on the BIG-IP to test LDAP, and even though the requests are using the same port, the former will work while the latter will not.