Cisco Support Community
New Member

Cisco ACE Loadbalancing and LDAPS

Could anyone put me in the direction of a configuration document or advice on configuring load balancing with the LDAP secure port? I've read various articles about LDAPS not being supported on the ACE; is this correct?

I have partially configured this but have NAT issues at the moment, as it's in one-arm mode and this VLAN does not have any NAT configured. I have no configuration for the SSL termination and am not quite sure how that will work either.

Any advice would be appreciated.

Cisco Employee

Cisco ACE Loadbalancing and LDAPS

Hi Cassandra,

LDAP is not supported in ACE as an L7 protocol, but that doesn't mean you cannot load-balance it; it's simply that you cannot apply any kind of L7 inspection, and forget also about the SSL termination. If you configure it for pure L4 load-balancing, it should be just like any other protocol.

If you are using one-armed mode, you must find a way to send the return traffic through the ACE. This is normally done with the use of NAT, but you may also use other methods such as policy-based routing. Be aware that unless this return traffic goes through the ACE, connections will not work, so there is no point in testing the application until this is fixed.

I hope this helps


New Member

You can do L4 load balancing for LDAP over SSL.

Something like:


ssl-proxy service sfLDAP_SSL-Proxy
  key LDAP-KEY-1024.pem
  cert LDAPS.FOO.COM.pem

serverfarm host LDAP-SF
  predictor leastconns
  rserver rs1 389
    inservice
  rserver rs2 389
    inservice

class-map match-any LDAPS-VIP
  2 match virtual-address <vip-address> tcp eq 636

policy-map type loadbalance first-match LDAP-L4-Policy
  class class-default
    serverfarm LDAP-SF

policy-map multi-match LDAP-MM
  class LDAPS-VIP
    loadbalance vip inservice
    loadbalance policy LDAP-L4-Policy
    ssl-proxy server sfLDAP_SSL-Proxy
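
An added example, not part of the original posts and not Cisco tooling: a small Python lint run over a constructed configuration in the shape of the one posted above. It flags references to objects that are never defined (assuming names are matched case-sensitively) and the case where "ssl-proxy server" terminates TLS on the ACE while the real servers listen on 389, which leaves the ACE-to-server leg as cleartext LDAP. The VIP address 192.0.2.10 and the "class" and "inservice" lines in the sample are assumptions.

```python
import re

# Constructed sample in the shape of the posted configuration. The VIP address
# and the "class"/"inservice" lines are assumptions, not taken from the post.
SAMPLE = """\
ssl-proxy service sfLDAP_SSL-Proxy
  key LDAP-KEY-1024.pem
  cert LDAPS.FOO.COM.pem
serverfarm host LDAP-SF
  predictor leastconns
  rserver rs1 389
    inservice
  rserver rs2 389
    inservice
class-map match-any LDAPS-VIP
  2 match virtual-address 192.0.2.10 tcp eq 636
policy-map type loadbalance first-match LDAP-L4-Policy
  class class-default
    serverfarm LDAP-SF
policy-map multi-match LDAP-MM
  class LDAPS-VIP
    loadbalance vip inservice
    loadbalance policy LDAP-L4-POLICY
    ssl-proxy server LDAP-SSL-PROXY
"""

# kind -> (definition regex, reference regex); names compared case-sensitively (assumption)
RULES = {
    "ssl-proxy": (r"^ssl-proxy service (\S+)", r"^\s+ssl-proxy server (\S+)"),
    "serverfarm": (r"^serverfarm host (\S+)", r"^\s+serverfarm (\S+)"),
    "class-map": (r"^class-map \S+ (\S+)", r"^\s+class (?!class-default)(\S+)"),
    "lb-policy": (r"^policy-map type loadbalance \S+ (\S+)", r"^\s+loadbalance policy (\S+)"),
}

def names(pattern, lines):
    # Every name captured by pattern, in file order.
    return [m.group(1) for l in lines if (m := re.match(pattern, l))]

def lint(config):
    lines, findings = config.splitlines(), []
    for kind, (definition, reference) in RULES.items():
        defined = set(names(definition, lines))
        findings += [f"undefined {kind}: {n}" for n in names(reference, lines) if n not in defined]
    # Whole-file check: TLS ends on the ACE while a real server listens on plain LDAP.
    if names(RULES["ssl-proxy"][1], lines) and "389" in names(r"^\s+rserver \S+ (\d+)", lines):
        findings.append("TLS terminated on ACE; rserver port 389 is cleartext LDAP")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

The cleartext check is file-wide and does not track which VIP maps to which server farm, so treat a hit as a prompt to review the path rather than a verdict.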
