Manual Chapter: Creating a virtual server for LDAP or LDAPS
Applies To:
BIG-IP APM
- 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0
You should have an LDAP Authentication and an
access profile configured.
You create a virtual server to handle LDAP or
LDAPS traffic and to encrypt authentication messages between Access Policy Manager and
the LDAP server.
An AAA server does not load-balance. Do not select a local
traffic pool for this virtual server.
- On the Main tab, click. The Virtual Server List screen opens.
- Click Create. The New Virtual Server screen opens.
- In the Name field, type a unique name for the virtual server, such as ldap_proxy or ea-ldap-vip.
- For Source Address, select Host and type the address, for example 0.0.0.0/0.
- For the Destination Address/Mask setting, confirm that the Host button is selected, and type the IP address in CIDR format (address/prefix). The various virtual servers being used for ephemeral authentication (LDAP, LDAPS, and/or RADIUS) can all have the same Destination Address as long as they use different service ports.
- In the Service Port field, select the port number for the LDAP or LDAPS server. Port 389 is the virtual port used for LDAP, and port 636 is used for LDAPS.
- For Protocol Profile (Client), select a protocol profile (such as f5-tcp-lan).
- LDAPS Only: For SSL Profile (Client), select a client SSL profile such as clientssl.
- For SSL Profile (Server), select a server SSL profile such as serverssl. (Required only for LDAPS but recommended for LDAP as well.)
- For Source Address Translation, select Auto Map.
- In the Ephemeral Authentication section, for Access Configuration, select the Access Configuration you created.
- For LDAP Authentication Configuration, select the you created. The LDAP Authentication Configuration connects to the backend LDAP server for ephemeral authentication. F5 recommends using a secure connection to the LDAP server and configuring an SSL Profile (Server).
- Under Resources, for Default Pool, select the LDAP server pool you created when configuring the .
- Click Finished.
The virtual server is created with the Ephemeral Access Configuration and the LDAP
Authentication Configuration associated with it.
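
The settings in the steps above can be checked in review before the change is applied. The following is an added example, not F5 code or a BIG-IP export format: the dictionary keys, the `audit` function and the sample object names are assumptions made for illustration.

```python
import ipaddress

LDAP_PORT, LDAPS_PORT = 389, 636  # service ports named in the procedure

def audit(servers):
    """Return (name, finding) pairs for settings that deviate from the steps above.
    Each server is a dict with hypothetical keys (not a BIG-IP export format)."""
    findings, seen = [], {}
    for vs in servers:
        name, port = vs["name"], vs["service_port"]
        def note(msg, name=name):
            findings.append((name, msg))
        try:
            if "/" not in vs["destination"]:
                raise ValueError("missing prefix")
            addr = ipaddress.ip_interface(vs["destination"]).ip
        except ValueError:
            addr = None
            note("destination is not in address/prefix form")
        if port not in (LDAP_PORT, LDAPS_PORT):
            note(f"service port {port} is neither 389 (LDAP) nor 636 (LDAPS)")
        if port == LDAPS_PORT and not vs.get("client_ssl"):
            note("LDAPS needs an SSL Profile (Client)")
        if not vs.get("server_ssl"):
            note("LDAPS needs an SSL Profile (Server)" if port == LDAPS_PORT
                 else "SSL Profile (Server) is recommended for LDAP too")
        if vs.get("snat") != "automap":
            note("Source Address Translation is not Auto Map")
        for key in ("access_config", "ldap_auth_config"):
            if not vs.get(key):
                note(f"{key} is not set")
        # Virtual servers may share a destination address only on different ports.
        if addr is not None and seen.setdefault((addr, port), name) != name:
            note(f"same destination address and port as {seen[(addr, port)]}")
    return findings

# Constructed sample input: documentation-range address, made-up object names.
SAMPLE = [
    {"name": "ea-ldap-vip", "destination": "192.0.2.10/32", "service_port": 389,
     "server_ssl": "serverssl", "snat": "automap",
     "access_config": "ea_access", "ldap_auth_config": "ea_ldap_auth"},
    {"name": "ea-ldaps-vip", "destination": "192.0.2.10/32", "service_port": 636,
     "server_ssl": "serverssl", "snat": "automap",
     "access_config": "ea_access", "ldap_auth_config": "ea_ldap_auth"},
    {"name": "ldap_proxy", "destination": "192.0.2.10/32", "service_port": 389,
     "snat": "none", "access_config": "ea_access"},
]

if __name__ == "__main__":
    for vs_name, finding in audit(SAMPLE):
        print(f"{vs_name}: {finding}")
```

In the sample, the LDAP and LDAPS virtual servers share one destination address on different ports and pass that check, while the third entry is flagged for reusing port 389 on the same address.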