Forum Discussion
R_Marc
Nov 14, 2015 Nimbostratus
create auth ldap system-auth { bind-dn "cn=bindaccount,ou=Service Accounts,ou=Some Users" bind-pw bindpw login-attribute samaccountname port ldaps search-base-dn "ou=Some Users" servers add { adserver } ssl enabled ssl-ca-cert-file CA.crt user-template %s@somedomain }
modify /auth remote-role role-info add { Admin { attribute "memberOf=CN=administrator,OU=SomeOU Groups" console tmsh line-order 500 role administrator user-partition All } }
modify /auth source { type active-directory }
This assumes you have a valid AD bind account and you have the DN of the remote role. You can look the roles up using AD tools.
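The remote-role attribute needs the group's DN exactly as the directory returns it. The sketch below is an added example, not part of the original post: it pulls memberOf values out of LDIF text (such as ldapsearch output), handling folded lines and base64-encoded values, and builds a role-info command in the form shown above. The sample LDIF, the example.test domain components and the function names are constructed for illustration.

```python
import base64

# Constructed sample LDIF (not from the post). The second group has a
# non-ASCII name, which LDIF emits base64-encoded after a "::" separator.
_B64_DN = base64.b64encode(
    "CN=Op\u00e9rateurs,OU=SomeOU Groups,DC=example,DC=test".encode("utf-8")
).decode("ascii")
SAMPLE_LDIF = (
    "dn: CN=Jane Admin,OU=Some Users,DC=example,DC=test\n"
    "memberOf: CN=administrator,OU=SomeOU Groups,DC=exam\n"
    " ple,DC=test\n"
    "memberOf:: " + _B64_DN + "\n"
)

def member_of(ldif):
    """Return the memberOf DNs found in LDIF text, unfolded and decoded."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # RFC 2849 continuation line
        else:
            lines.append(raw)
    dns = []
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep or name.lower() != "memberof":
            continue
        if value.startswith(":"):         # "::" marks a base64 value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        dns.append(value.strip())
    return dns

def role_info_cmd(name, group_dn, role, line_order):
    """Build a remote-role command shaped like the one in the post."""
    if any(c in group_dn for c in '"{}'):
        # Refuse rather than emit a command that tmsh would parse differently.
        raise ValueError("DN needs manual tmsh quoting: %r" % group_dn)
    return ('modify /auth remote-role role-info add { %s { attribute '
            '"memberOf=%s" console tmsh line-order %d role %s '
            'user-partition All } }' % (name, group_dn, line_order, role))

if __name__ == "__main__":
    for dn in member_of(SAMPLE_LDIF):
        print(dn)
    print(role_info_cmd("Admin", member_of(SAMPLE_LDIF)[0], "administrator", 500))
```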