Forum Discussion

Altocumulus

5 years ago

AD QUERY FOR APM POLICY

Hi, How can i specify the group a user must be a member of in the AD query component of the APM policy on the F5. It seems like there has to be a format for the specification of the group on the AD q...

Azure

BIG-IP Access Policy Manager (APM)

cloud

Amine_Kadimi

MVP

5 years ago

Can you see and confirm from the APM debug logs whether those users are going through the expected branch or whether they hit another one?

Oreoluwa
Altocumulus
5 years ago
Hi guys, so i found that there was am ad group resource assignment where i could specify groups i have imported from the Actice Directory to the F5. This has worked on my lab and i have different portal views foe different groups of users. However, at a production site, the import of groups is failing. Showing an error unable to import group. I have confirmed that the F5 can reach the AD and query it. It just doesnt import the groups. Any solution to this please??
- Marco_Lei
  Altostratus
  5 years ago
  Hi,
  
  Have you tried to use the same user in APM AD server config to query the AD server by "ldapsearch" in command line?
  
  Also, F5 will send request to port 88 of AD server when you configured AD in "Active Directory" section, but if LDAP is used to configure AD, F5 will send request to port 389 or 636. Hope this helps.
- boneyard
  MVP
  5 years ago
  did you get this working Oreoluwa?
  
  if so flag the question as answered.
- Oreoluwa
  Altocumulus
  5 years ago
  yes. Using AD group resource assignment after i had imported the group on the AD on F5.