For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Eric_Brander_27's avatar
Eric_Brander_27
Icon for Nimbostratus rankNimbostratus
Dec 05, 2007

Active Directory (via LDAP) Authentication

I've successfully set up AD Authentication off-loading with the LTM and Client Authentication module. So now in order for a user to hit our intranet site, they will have to have a valid AD account.

 

 

But what if I want to have multiple pages with different authorization requirements? www.intranet.com would be ok for anyone to see, but only members of GRP_Accounting should be able to visit www.intranet.com/accounting.

 

 

I assume I would create multiple profiles each with its own GROUP DN setting that's apropriate, and then an iRule for each URL? Has anyone done this before or am I simply asking the F5 to do to much and should handle this sort of access control on the web server itself?

 

 

TIA,

 

 

Eric Brander
microsoft
partner

2 Replies

  • Fahad_A__Bin_Ma's avatar
    Fahad_A__Bin_Ma
    Icon for Nimbostratus rankNimbostratus
    Feb 20, 2008
    can you tell me how you off load the authentication of AD on LTM. can you send me the steps for this.

     

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Feb 21, 2008
    Hi fahadabm,

     

     

    You can find docs on AskF5 which detail the configuration steps. Here is an example for configuring AD authentication for client traffic (as opposed to administrative authentication for the GUI/console) in 9.3:

     

     

    Manual Chapter: BIG-IP Local Traffic Manager version 9.3 Implementations: Configuring Remote Authentication for Application Traffic (Click here)

     

     

    Aaron