Last Modified: Nov 22, 2021
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
11.2.1
Fixed In:
11.6.0
Opened: Apr 14, 2014 Severity: 4-Minor
Creating an LDAPS authentication configuration in the GUI with default values results in error messages.
Symptoms:
Although LDAP authentication succeeds, the following error messages appear in /var/log/secure:
  err tamd: pam_ldap: ldap_set_option(LDAP_OPT_X_TLS_NEWCTX): Can't contact LDAP server
  err tamd: pam_ldap: _set_ssl_options failed
Conditions:
This occurs when you create an LDAP authentication object that uses client certificates in the GUI and leave the client certificate and client key at their defaults. Because of a sorting issue in the GUI's certificate list, the client certificate is set to ca-bundle.crt (the CA bundle, not a client certificate) while the key is set to default.key, so the certificate and key do not match. The default client certificate should be default.crt.
Workaround:
Set the ssl-client-cert value of the LDAP authentication object to "default.crt" (the certificate that matches default.key). This resolves the error messages.
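The check and workaround above, as an added example that is not from this F5 page or from F5's own tooling: a POSIX shell script that scans a `tmsh list auth ldap system-auth` listing for the mismatched client certificate/key pair this bug produces, counts the pam_ldap failure lines quoted above in a /var/log/secure excerpt, and prints the tmsh command that applies the workaround. The property names ssl-client-cert and ssl-client-key are tmsh's; the sample listing and log excerpt are constructed here (the log timestamp/host prefix and the exact listing layout are assumptions), and the function names tmsh_prop, ldap_client_pair_check, ldap_client_pair_fix and secure_log_symptom_count are this example's own.

```shell
#!/bin/sh
# Added example, not F5 code: triage the client cert/key mismatch described
# on this page from (a) a tmsh listing of the system LDAP auth object and
# (b) an excerpt of /var/log/secure, then print the workaround command.

# Constructed sample of `tmsh list auth ldap system-auth ssl-client-cert ssl-client-key`
# on an affected system. The property names are tmsh's; the exact layout of
# the listing is an assumption of this example.
SAMPLE_BAD='auth ldap system-auth {
    ssl-client-cert ca-bundle.crt
    ssl-client-key default.key
}'

# The same listing after the workaround has been applied.
SAMPLE_OK='auth ldap system-auth {
    ssl-client-cert default.crt
    ssl-client-key default.key
}'

# Constructed /var/log/secure excerpt: two failed-then-succeeded logins, each
# carrying the messages quoted on the page. The "Apr 14 ... bigip1" prefix is
# an assumption; the message text is the page's.
SAMPLE_LOG="Apr 14 10:01:02 bigip1 err tamd: pam_ldap: ldap_set_option(LDAP_OPT_X_TLS_NEWCTX): Can't contact LDAP server
Apr 14 10:01:02 bigip1 err tamd: pam_ldap: _set_ssl_options failed
Apr 14 10:07:45 bigip1 err tamd: pam_ldap: ldap_set_option(LDAP_OPT_X_TLS_NEWCTX): Can't contact LDAP server
Apr 14 10:07:45 bigip1 err tamd: pam_ldap: _set_ssl_options failed"

# tmsh_prop LISTING PROPERTY
# Print the value of PROPERTY from a tmsh listing: the second field of the
# first line whose first field is PROPERTY. Prints nothing if absent.
tmsh_prop() {
    printf '%s\n' "$1" | awk -v p="$2" '$1 == p { print $2; exit }'
}

# ldap_client_pair_check LISTING
# Prints "ok" and returns 0 when ssl-client-cert and ssl-client-key share a
# file stem (default.crt with default.key). Prints "mismatch CERT KEY" and
# returns 1 for the state this bug leaves the GUI-created object in
# (ca-bundle.crt with default.key). Prints "unset" and returns 1 when either
# property is missing from the listing.
ldap_client_pair_check() {
    cert=$(tmsh_prop "$1" ssl-client-cert)
    key=$(tmsh_prop "$1" ssl-client-key)
    if [ -z "$cert" ] || [ -z "$key" ]; then
        echo "unset"
        return 1
    fi
    if [ "${cert%.crt}" = "${key%.key}" ]; then
        echo "ok"
        return 0
    fi
    echo "mismatch $cert $key"
    return 1
}

# ldap_client_pair_fix LISTING
# Print the tmsh command that applies the workaround: point ssl-client-cert at
# the .crt whose stem matches the configured key (default.key -> default.crt).
# Prints nothing and returns 1 if no key is configured.
ldap_client_pair_fix() {
    key=$(tmsh_prop "$1" ssl-client-key)
    [ -n "$key" ] || return 1
    printf 'tmsh modify auth ldap system-auth ssl-client-cert %s.crt\n' "${key%.key}"
}

# secure_log_symptom_count LOGTEXT
# Count lines carrying the pam_ldap SSL-option failure quoted on the page.
secure_log_symptom_count() {
    printf '%s\n' "$1" | grep -c 'pam_ldap: _set_ssl_options failed'
}

# Stand-alone run: report on the affected sample and show the workaround.
if ldap_client_pair_check "$SAMPLE_BAD" >/dev/null; then
    echo "client cert/key pair is consistent"
else
    echo "symptom lines in log: $(secure_log_symptom_count "$SAMPLE_LOG")"
    echo "state: $(ldap_client_pair_check "$SAMPLE_BAD")"
    echo "workaround: $(ldap_client_pair_fix "$SAMPLE_BAD")"
fi
```

On a real unit, replace the constructed samples with the output of `tmsh list auth ldap system-auth ssl-client-cert ssl-client-key` and a grep of /var/log/secure; the stem comparison flags any cert/key pair whose basenames differ, not only the ca-bundle.crt case this bug produces.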
Fix Information:
The GUI now sets the correct default client certificate, default.crt, so the client certificate and key are configured consistently.