wsanders_233261
Jun 08, 2018

Multiple servers in auth ldap system-auth?

It appears that auth ldap system-auth accepts multiple servers:

auth ldap system-auth {
    bind-dn "xxxx"
    bind-pw xxxx
    login-attribute xxxx
    search-base-dn xxxx
    servers { 10.2.66.57 ; 10.7.66.57 }
}

This option and behavior do not seem to be documented anywhere, and only one server shows up in the GUI.

Is this supposed to work? This seems marginally simpler than setting up a local LDAP pool and virtual if it does.

LTM version is 13.1.0.5.

3 Replies

  • Before you set up an LDAP virtual server/pool, know that you cannot authenticate against (read: route to) a virtual server which is "hosted" by the LTM to which the user is attempting to log in.

    Meaning you cannot do this:

    • LTM A - set up "ldap.foo.com" virtual server
    • LTM A - point at "ldap.foo.com" for authentication

    You would have to set up the virtual server on a different LTM (or LTM cluster).

  • It works for us. Every LTM I've worked on has been able to route to its own virtuals. It might make an extra round trip through the LTM, but it works.