Manual Chapter : Creating a virtual server for LDAP or LDAPS

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 16.0.0
Manual Chapter

Creating a virtual server for LDAP or LDAPS

You should have an LDAP Authentication and an access profile configured.
You create a virtual server to handle LDAP or LDAPS traffic and to encrypt authentication messages between Access Policy Manager and the LDAP server.
An AAA server does not load-balance. Do not select a local traffic pool for this virtual server.
  1. On the Main tab, click
    Local Traffic
    Virtual Servers
    .
    The Virtual Server List screen opens.
  2. Click
    Create
    .
    The New Virtual Server screen opens.
  3. In the
    Name
    field, type a unique name for the virtual server, such as
    ldap_proxy
    or
    ea-ldap-vip
    .
  4. For
    Source Address
    , select
    Host
    and type the address, for example
    0.0.0.0/0
    .
  5. For the
    Destination Address/Mask
    setting, confirm that the
    Host
    button is selected, and type the IP address in CIDR format (address/prefix).
    The various virtual servers being used for ephemeral authentication, LDAP, LDAPS, and/or RADIUS) can all have the same Destination Address as long as they use different service ports.
  6. In the
    Service Port
    field, select the port number for the LDAP or LDAPS server.
    Port 389 is the virtual port used for LDAP, and port 636 is used for LDAPS.
  7. For
    Protocol Profile (Client)
    , select a protocol profile (such as f5-tcp-lan).
  8. LDAPS Only: For
    SSL Profile (Client)
    , select a client SSL profile such as clientssl.
  9. For
    SSL Profile (Server)
    , select a server SSL profile such as serverssl. (Required only for LDAPS but recommended for LDAP as well)
  10. For
    Source Address Translation
    , select
    Auto Map
    .
  11. In the Ephemeral Authentication section, for
    Access Configuration
    , select the Access Configuration you created.
  12. For
    LDAP Authentication Configuration
    , select the
    Ephemeral Authentication
    LDAP Authentication Configuration
    you created.
    The LDAP Authentication Configuration connects to the backend LDAP server for ephemeral authentication. F5 recommends using a secure connection to the LDAP server and configuring an
    SSL Profile (Server)
    .
  13. Under Resources, for
    Default Pool
    , select the LDAP server pool you created when configuring the
    Authentication
    LDAP Authentication
    .
  14. Click
    Finished
    .
The virtual server is created with the Ephemeral Access Configuration and the LDAP Authentication Configuration associated with it.