Forum Discussion

berkleyapac_259
Feb 04, 2019

Setup load balancing for Secure LDAP

Hi,

We're having some trouble load balancing internal LDAP requests via our F5s and would like to know if the way we're attempting to implement it is correct.

We have two datacenters which each have a few domain controllers.

Our aim is to set up a wide IP which we can point services to perform LDAP requests to, and have the F5s automatically send this to the correct datacentre, i.e. if DC1 is down the F5s will send LDAP requests to DC2 instead.

We're doing our testing on our F5 at DC2 (our disaster recovery/non-prod datacentre).

On this F5 we've set up a wide IP called ldaptest.gtm.domain. This wide IP has been associated with a pool (ldap_test_pool). The pool at present points to only 1 virtual server on service port 389.

On the LTM level we have a virtual server set up called LDAP_Test_389 which has been configured with an IP and a service port of 389. The virtual server has then been associated with the pool LDAP_Test_389_Pool. LDAP_Test_389_Pool has 1 member at the moment, which is a domain controller at DC2 on service port 389.

When we test LDAP using LDP.exe (Microsoft LDAP tool) to ldaptest.gtm.domain this works fine.

We'd like to know how we can now add Secure LDAP (port 636) and other LDAP ports like 3268 and 3269 to the above. For secure LDAP we're happy for the F5 to passthrough the SSL to the server rather than offloading it onto the F5.

1 Reply

  • Why aren't you handling LDAP/S traffic just via the GTM instead of routing it to LTM?

    We have had issues with the GTM/LTM combo and moved back to just GTM (DNS) load balancing. Every day we had queries from users for their A/C locks, as the underlying AD servers did not have visibility of the actual source IP due to SNAT (until you want to introduce XFF as well). If your setup is inline then you won't have issues.

    Better to have just DNS based load balancing, and you can restrict traffic via the Topology based load balancing, which will resolve to just one DC based on LDNS queries.

    The same way you have configured 389, you can configure 636 and the other ports.
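One check worth running once the 636 virtual server (or the GTM-only setup the reply suggests) is in place, added here as an example and not code from the original post, the reply, or F5: with TLS passthrough the F5 never terminates TLS, so every domain controller behind the LDAPS pool must present a certificate whose SAN list covers the name clients actually connect to (ldaptest.gtm.domain in the post), or LDAPS clients will reject the session even though port 389 works. The script below connects to each pool member directly, reads the certificate it presents, and reports whether the wide-IP name is covered. The member addresses are placeholders, the `SAMPLE_CERTS` dicts are constructed for the offline demonstration, and the wide-IP name is taken from the post.

```python
"""Verify that every DC behind an LDAPS passthrough VIP presents a certificate
valid for the wide-IP name. Added example; member IPs below are placeholders."""
import socket
import ssl

WIDE_IP = "ldaptest.gtm.domain"          # name from the post that clients use
POOL_MEMBERS = ["10.0.0.10", "10.0.0.11"]  # placeholder DC addresses


def cert_dns_names(cert):
    """Return the names a decoded certificate is valid for: its DNS SANs, or the
    subject CN only when the certificate carries no SAN at all (RFC 6125 rule)."""
    sans = [val for typ, val in cert.get("subjectAltName", ()) if typ == "DNS"]
    if sans:
        return sans
    for rdn in cert.get("subject", ()):
        for key, val in rdn:
            if key == "commonName":
                return [val]
    return []


def _label_match(pattern, host):
    """Case-insensitive DNS match; '*' may replace only the leftmost label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.startswith("*."):
        p_labels, h_labels = pattern.split("."), host.split(".")
        return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]
    return False


def name_covered(cert, name):
    """True if any name in the certificate matches the name clients connect to."""
    return any(_label_match(p, name) for p in cert_dns_names(cert))


def fetch_peer_cert(host, port=636, timeout=5):
    """Connect straight to one pool member and return the certificate it presents.
    Chain trust stays enforced (getpeercert() only decodes a verified cert, and an
    untrusted internal CA is itself a finding); hostname matching is done by
    name_covered() instead so the SAN list can be reported to the operator."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock) as tls:
            return tls.getpeercert()


def check_members(members, wide_ip, fetch=fetch_peer_cert):
    """Map each member to (covered, names_in_cert) for the given wide-IP name."""
    results = {}
    for member in members:
        cert = fetch(member)
        results[member] = (name_covered(cert, wide_ip), cert_dns_names(cert))
    return results


# Constructed certificates (decoded-dict form as returned by getpeercert()) so the
# check can be demonstrated offline: DC1 was issued with the wide-IP name in its
# SAN list, DC2 only carries its own host name.
SAMPLE_CERTS = {
    "10.0.0.10": {
        "subject": ((("commonName", "dc1.corp.example"),),),
        "subjectAltName": (("DNS", "dc1.corp.example"), ("DNS", WIDE_IP)),
    },
    "10.0.0.11": {
        "subject": ((("commonName", "dc2.corp.example"),),),
        "subjectAltName": (("DNS", "dc2.corp.example"),),
    },
}


if __name__ == "__main__":
    # Swap fetch=SAMPLE_CERTS.get for fetch=fetch_peer_cert to test real members.
    for member, (ok, names) in check_members(POOL_MEMBERS, WIDE_IP,
                                             fetch=SAMPLE_CERTS.get).items():
        status = "OK " if ok else "FAIL"
        print(f"{status} {member}: cert names {names}")
```

Run it against the real pool with `fetch=fetch_peer_cert`; a `FAIL` line means that member will break LDAPS for clients whenever the VIP (or the GTM answer) sends them to it, and the fix is to reissue that DC's certificate with the wide-IP name in its SAN list rather than to loosen validation on the clients.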