AD MemberOF
Hi everyone, please answer a question for me and explain:
Is it possible to change which URL a request to the F5 is forwarded to, depending on the user's membership in the AD group?
Thanks!
- Faruk_AYDIN (Nimbostratus)
Possible with the F5 APM module.
- M_Petr (Altostratus)
Thanks!
- youssef1 (Cumulonimbus)
Hi Petr,
Yes, you can do it using APM by following these steps:
You have to create a per-session policy and, of course, a per request session in order to check each request (URI).
The per-request policy lets you analyse every user request...
Let me know if you need more details.
Regards
- M_Petr (Altostratus)
Thanks, I will try
- M_Petr (Altostratus)
Hi, I have a problem.
When I add:
- Logon page
- AD auth
It's OK! Authentication succeeds.
But if I add
- Logon page
- AD auth
- AD query with (expr { [mcget {session.ad.last.attr.memberOf}] contains "CN=GroupPod1" })
I get a message:
"AD module: query with '(sAMAccountName=userpod1)' failed: Preauthentication failed, principal name: ldap_user@CORP.AVALIS.CO.UA. Invalid user credentials. (-1765328360)"
And I don't see {session.ad.last.attr.memberOf} in the REPORTS.
What do you think?
Thanks!
- Dave_W (Employee)
Hello, if the AD auth or AD query fails the session variable for memberOf will not be populated. In the AAA server object do you have an Administrator account configured? Are you sure the credentials for the user (or admin account in the AAA configuration) are correct?
- M_Petr (Altostratus)
Thank you, the Administrator account is configured incorrectly.
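The group-to-URL decision discussed in this thread, as an added example that is not from any poster or from F5: plain Tcl (runnable in tclsh) that matches on the full group DN and falls back to a deny URL when memberOf is empty, which is what happens when the AD query fails. The `| DN | DN |` value layout, the group DNs, the URLs and the proc names are assumptions; the comparison lines at the end show why a substring test for `CN=GroupPod1` is looser than a full-DN match when a group such as `CN=GroupPod10` exists.

```tcl
# Constructed policy table (hypothetical DNs and URLs): first match wins.
set GROUP_URLS {
    "CN=GroupPod1,OU=Groups,DC=example,DC=test"  "/pod1/"
    "CN=GroupPod10,OU=Groups,DC=example,DC=test" "/pod10/"
}
set DENY_URL "/denied"

# Split the raw memberOf string into a list of lower-cased DNs.
# Assumption: values arrive as "| DN1 | DN2 |"; a single bare DN also parses.
proc parse_member_of {raw} {
    set dns [list]
    foreach part [split $raw "|"] {
        set dn [string tolower [string trim $part]]
        if {$dn ne ""} { lappend dns $dn }
    }
    return $dns
}

# Return the URL of the first table entry whose full DN is one of the
# user's groups. DNs are compared case-insensitively. An empty or missing
# memberOf value yields deny_url, so a failed query never grants a route.
proc url_for_groups {raw table deny_url} {
    set dns [parse_member_of $raw]
    foreach {group_dn url} $table {
        if {[lsearch -exact $dns [string tolower $group_dn]] >= 0} {
            return $url
        }
    }
    return $deny_url
}

# Constructed sample values: a user who is in GroupPod10 but not GroupPod1,
# and the empty value left behind by a failed AD query.
set pod10_user "| CN=GroupPod10,OU=Groups,DC=example,DC=test | CN=Domain Users,CN=Users,DC=example,DC=test |"
set failed_query ""

# Substring test equivalent to the thread's 'contains "CN=GroupPod1"'.
puts "substring match: [expr {[string first "CN=GroupPod1" $pod10_user] >= 0}]"
# Full-DN match for the same user, then for the failed query.
puts "full-DN route:   [url_for_groups $pod10_user $GROUP_URLS $DENY_URL]"
puts "failed query:    [url_for_groups $failed_query $GROUP_URLS $DENY_URL]"
```

The procs use only Tcl 8.4 commands (no `dict`, no `in` operator).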