Sounds like my F5 config is slightly different from yours. I’m not certain of the term for it, but my F5 passes the packets without inserting its own address into the packets. All my LDAP servers have the ldapserver.example.com address as a second address on their loopback interface and know that they are also ldapserver.example.com and respond back to the client directly from the ldapserver.example.com address. I’m guessing that in your setup, your AD servers do not have the ldap.test.com address on any of their interfaces and it is likely that the requests are showing up from the address of the F5 not from the actual clients and that your AD servers are answering back to the clients through the F5. I’ve never had to figure out how to make something like that work.
Systems Architecture & Administration
From: Tadashi Inayama <tci@xxxxxxx>
Date: Tuesday, February 16, 2016 at 6:53 PM
To: Frank Swasey <Frank.Swasey@xxxxxxx>
Cc: "cyrus-sasl@xxxxxxxxxxxxxxxxxxxx" <cyrus-sasl@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: Load-balancing LDAP using GSSAPI/Kerberos/Cryus-SASL
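The direct-server-return arrangement Frank describes (the shared service address held on each LDAP server's loopback, replies sent straight back to the client), written out as an added example that is not code from the thread or from either poster. It assumes a Linux backend, an IPv4 service address of 192.0.2.10 for ldapserver.example.com, MIT `klist -k` output format and an MIT or Heimdal keytab at /etc/krb5.keytab; none of those values come from the original message. The two parsing checks take command output on stdin so they can be exercised offline against the constructed sample output embedded below.

```shell
#!/bin/sh
# Added example, not code from the thread: the direct-server-return (DSR)
# backend setup described above, where each LDAP server carries the shared
# service address on loopback and answers clients directly, plus two checks a
# practitioner runs before pointing the balancer at the node.
#
# Assumed values (not from the original message):
VIP="192.0.2.10"                    # address ldapserver.example.com resolves to
SVC_NAME="ldapserver.example.com"   # name clients connect to, hence the SPN they request
KEYTAB="${KEYTAB:-/etc/krb5.keytab}"

# Put the VIP on lo as a /32 and stop this host from answering ARP for it;
# without the arp_* sysctls every backend and the balancer would claim the
# address on the LAN.  Requires root.
configure_dsr_vip() {
    ip addr replace "${VIP}/32" dev lo label lo:vip
    sysctl -w net.ipv4.conf.all.arp_ignore=1
    sysctl -w net.ipv4.conf.all.arp_announce=2
}

# Check 1: VIP present on lo.  Reads the output of
# `ip -o -4 addr show dev lo` from stdin (one address per line).
vip_on_loopback() {
    grep -qF "inet ${VIP}/32 "
}

# Check 2: this backend holds the key for the service principal clients will
# ask the KDC for, ldap/<name they connect to>, not only its own host name.
# Reads MIT `klist -k <keytab>` output from stdin.
spn_in_keytab() {
    grep -qF " ldap/${SVC_NAME}@"
}

# End-to-end check from a client host that already has a TGT: a GSSAPI bind
# through the service name must succeed and print the bound identity.
gssapi_bind_check() {
    ldapwhoami -Y GSSAPI -H "ldap://${SVC_NAME}/"
}

# Live verification on a backend (needs ip and klist on the PATH).
verify_dsr_backend() {
    ip -o -4 addr show dev lo | vip_on_loopback \
        || { echo "VIP ${VIP} is not configured on lo" >&2; return 1; }
    klist -k "$KEYTAB" | spn_in_keytab \
        || { echo "ldap/${SVC_NAME} is missing from ${KEYTAB}" >&2; return 1; }
    echo "backend ready for ${SVC_NAME}"
}

# Constructed sample outputs (not captured from a real host) for exercising
# the two checks offline.
SAMPLE_IP_ADDR='1: lo    inet 127.0.0.1/8 scope host lo
1: lo    inet 192.0.2.10/32 scope global lo:vip'
SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------
   3 ldap/ldapserver.example.com@EXAMPLE.COM
   3 host/ldap1.example.com@EXAMPLE.COM'

case "${1:-}" in
    configure) configure_dsr_vip ;;
    verify)    verify_dsr_backend ;;
esac
```

Run it as `sh dsr-backend.sh configure` once per server and `sh dsr-backend.sh verify` afterwards. The keytab check is there because the message does not mention it and it is the part that usually bites with GSSAPI behind a balancer: the client asks the KDC for ldap/ldapserver.example.com, so every backend must hold that principal's key (same key and kvno on each server), in addition to whatever ldap/ownhostname key it has for direct connections.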