How to Configure an LDAP Endpoint
As of version 7.2.36.0, you can configure LDAP endpoints in the LoadMaster. Once configured, an endpoint can be referenced when you set up LDAP authentication for the Web User Interface (WUI). For instructions on using LDAP for WUI authentication, refer to the following article: How to Use LDAP for WUI Authentication
This article covers only the configuration of the LDAP endpoint itself.
In the LoadMaster WUI, go to Certificates & Security > LDAP Configuration. Create a new LDAP endpoint by typing a valid name and clicking Add. No special characters or spaces are allowed in the name.
Then specify the endpoint parameters:
LDAP Server(s) = The IP address(es) of your LDAP server(s).
LDAP Protocol = The protocol used to talk to the server: Unencrypted, StartTLS or LDAPS. With Unencrypted, the Admin User credentials (and any user credentials later validated through this endpoint) cross the network in cleartext, so use StartTLS or LDAPS wherever the server supports it.
Validation Interval = How often a user is re-validated against the LDAP server.
Referral Count = Set this field to a value between 1 and 10 to enable referral chasing; the number specified limits the number of hops (referrals chased). Set it to 0 to disable referral chasing.
Admin User = The account the LoadMaster binds as to check that the LDAP server is up. It is used only for this health check; as noted in the comments below, a standard account with no special privileges is sufficient.
Admin User Password = The password of that account.
LDAP endpoints can be used in SSO domains and/or for WUI authentication. For more information, refer to the following article: How to use LDAP for WUI Authentication
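The following is an added example, not LoadMaster code or anything from this article's author. It is an offline pre-flight check for an endpoint definition before you enter it in the WUI: it encodes the constraints stated above (name without spaces or special characters, protocol one of Unencrypted/StartTLS/LDAPS, referral count 0 to 10), flags the case where the Admin User password would cross the wire in cleartext, and prints the ldapsearch command that reproduces the health-check bind the LoadMaster performs against one server. The default ports 389/636, the alphanumeric reading of "no special characters", and the placeholder server address, account name and base DN are assumptions, not values from the page.

```python
"""Added example (not LoadMaster code): offline pre-flight check of a LoadMaster
LDAP endpoint definition, plus the ldapsearch call that mirrors its health check.

Assumptions not taken from the page: LDAP default ports 389/636, an
alphanumeric reading of "no special characters or spaces", and the
placeholder address, account and base DN used in the sample at the bottom.
"""
import ipaddress
import re
import shlex
from dataclasses import dataclass
from typing import List

PROTOCOLS = ("Unencrypted", "StartTLS", "LDAPS")
# Conservative reading of "no special characters or spaces are allowed".
NAME_RE = re.compile(r"^[A-Za-z0-9]+$")


@dataclass
class LdapEndpoint:
    name: str
    servers: List[str]             # IP addresses, as the WUI field expects
    protocol: str = "LDAPS"
    validation_interval: int = 60  # re-validation period; unit as in the WUI
    referral_count: int = 0        # 0 = referral chasing disabled, 1..10 = hop limit
    admin_user: str = ""           # account used for the health-check bind
    admin_password: str = ""


def validate(ep: LdapEndpoint) -> List[str]:
    """Return the list of problems found; an empty list means the definition is sound."""
    problems = []
    if not NAME_RE.match(ep.name):
        problems.append(f"name {ep.name!r}: letters and digits only, no spaces")
    if not ep.servers:
        problems.append("at least one LDAP server is required")
    for server in ep.servers:
        try:
            ipaddress.ip_address(server)
        except ValueError:
            problems.append(f"server {server!r} is not an IP address")
    if ep.protocol not in PROTOCOLS:
        problems.append(f"protocol {ep.protocol!r}: choose one of {', '.join(PROTOCOLS)}")
    elif ep.protocol == "Unencrypted":
        # A simple bind carries the password as-is; without TLS it is readable on the wire.
        problems.append("protocol Unencrypted: the Admin User password is sent in cleartext; "
                        "use StartTLS or LDAPS")
    if not 0 <= ep.referral_count <= 10:
        problems.append("referral count must be 0 (disabled) or 1-10 (hop limit)")
    if ep.validation_interval <= 0:
        problems.append("validation interval must be positive")
    if not ep.admin_user or not ep.admin_password:
        problems.append("admin user and password are required for the health-check bind")
    return problems


def ldapsearch_command(ep: LdapEndpoint, server: str, base_dn: str) -> str:
    """Build the OpenLDAP ldapsearch call that performs the same bind the LoadMaster
    health check does: authenticate as the Admin User and read the base entry.
    The password is prompted for (-W) rather than placed on the command line."""
    if ep.protocol == "LDAPS":
        uri, tls = f"ldaps://{server}:636", []
    elif ep.protocol == "StartTLS":
        uri, tls = f"ldap://{server}:389", ["-ZZ"]   # -ZZ: require StartTLS to succeed
    else:
        uri, tls = f"ldap://{server}:389", []
    # ldapsearch -C chases referrals; it has no hop limit like the WUI field.
    referrals = ["-C"] if ep.referral_count > 0 else []
    argv = ["ldapsearch", "-H", uri, *tls, "-D", ep.admin_user, "-W",
            "-b", base_dn, "-s", "base", *referrals, "(objectClass=*)"]
    return shlex.join(argv)


if __name__ == "__main__":
    # Constructed sample definition; the address, account and base DN are placeholders.
    endpoint = LdapEndpoint(name="CorpAD", servers=["10.0.0.5"], protocol="LDAPS",
                            referral_count=2, admin_user="svc-ldapcheck@corp.example",
                            admin_password="placeholder")
    for problem in validate(endpoint) or ["no problems found"]:
        print(problem)
    print(ldapsearch_command(endpoint, endpoint.servers[0], "DC=corp,DC=example"))
```

Run the printed ldapsearch line from a host that can reach the LDAP server on the same port the LoadMaster will use; a successful bind and a returned base entry is the same result the LoadMaster health check expects, and a TLS failure here (wrong certificate, StartTLS refused) will show up as the same endpoint being marked down in the WUI.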
Related KB
Using LDAP Search To Test ESP Authentication
Comments
prishen.pillay
I am unable to delete the existing LDAP endpoint; it is showing grayed out.
Hi Prishen,
This happens when the LDAP Endpoint is already in use. To confirm where the LDAP Endpoint is in use, you'll need to verify three locations:
1. Navigate to Virtual Services > Manage SSO (if present) > modify any SSO domain that you may be using for LDAP authentication > view the LDAP Endpoint field.
2. Navigate to Certificates & Security > Remote Access > WUI Authorization Options > observe the LDAP Endpoint field in the LDAP row.
3. Navigate to Virtual Services > View/Modify Services > modify any VS designed to load balance LDAP traffic > expand Real Servers and view the LDAP Endpoints field.
I would recommend against changing these fields, as they will modify some aspect of your LoadMaster. If you find the LDAP Endpoint is currently assigned to a field or feature you're no longer using, only then would I recommend removing it.
What access does the Admin User account need to have?
Should this be an account dedicated to this function?
Thanks
Gavin
Hi Gavin Urquhart
I am honestly not sure on the specifics. In the past I just used a standard AD account, no special privileges. The account is just for health checking, to see if we get a valid response back from your AD to let us know it is up and healthy, or not.
Thanks Nick. I have tested with a standard user account and it seems to work. It would be nice to have some supporting documentation though; I can't seem to find any.