Symptoms

Creating an LDAPS authentication configuration in the GUI with default values results in error messages.

Impact

Although ldap authentication succeeds, you will see error messages in /var/log/secure: err tamd: pam_ldap: ldap_set_option(LDAP_OPT_X_TLS_NEWCTX): Can't contact LDAP server err tamd: pam_ldap: _set_ssl_options failed

Conditions

This occurs when you are creating a ldap authentication object that uses client certificates using the GUI, but the xkuwbr certificate and client key is left at the default. Due to a sorting issue with the client certificate it is set to ca-bundle.crt but the key is set to default.key. The default for the client certificate should be default.crt.

Workaround

Setting the ssl-client-cert value to "default.crt" fixes the issue.

Fix Information

Add the correct certificate to GUI so it is set properly.

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips