For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

domokos_23867's avatar
domokos_23867
Icon for Nimbostratus rankNimbostratus
May 29, 2018

AD - LDAP querry and refferals - APM

Hello,   I cannot find a similar setup being discussed so I am trying my luck. We have an F5 with APM module. It uses and AD server for LDAP queries. The users connect to the logon page shown by t...
application delivery
BIG-IP Access Policy Manager (APM)
youssef1's avatar
youssef1
Icon for Cumulonimbus rankCumulonimbus
May 29, 2018

Hi Carol.

I think that your problem is about system problem.

can you try an ldap querry without apm in order to check if you relationship is correct and if what's you want to do is possible (ldap query in AD1 that will fw to AD2...).

https://support.f5.com/csp/article/K15811

  • Use the following ldapsearch command to send LDAP queries to the server.

ldapsearch [options] [filter [attributes...]]

  • For example, the following command queries the LDAP server 172.24.171.1 for a BIG-IP administrative user account named bigipwasa:

ldapsearch -x -h 172.24.171.1 -D "cn=admin,dc=askf5,dc=pslab,dc=local" -w askf5 -b 'uid=bigipwasa,ou=Users,dc=askf5,dc=pslab,dc=local' '(objectclass=*)'

You have another possibility, is to modify your policy:

  • logon page
  • ldap query on AD1
  • if AD1 result is successfull FW user to AD1 for authentication.
  • if LDAP Query on AD1 Fail FW user to AD2 for authentication...

Regards