AD Query Not Populating Nested Groups

Question

We're looking at enabling some RBAC using iRules, so we want to populate the memberOf field via an AD Query in our Access Profile. Our issue is that whether or not we have "Fetch Nested Groups" enabled in the AD Query block in the VPE, we only get the groups that a user is explicitly a member of.&nbsp;
Is there something we might need to do on the AD side to get this to work, or some configuration value on the F5 side that I'm missing? Barring either of those, is there a good work around?&nbsp;
We're running APM 12.1.2 HF1.&nbsp;

kenny_barnt · Answer

I Guess I should RTFM a little better. Poking around I found this note in the contextual help in the VPE for the AD Query block...&nbsp;

Note: Because this option requires administrative privileges, ensure that the administrator name and password are specified on the AAA Active Directory server configuration page.&nbsp;

... that I hadn't seen anywhere else. Added some credentials to the AAA server configuration and it works.&nbsp;

Forum Discussion

AD Query Not Populating Nested Groups

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Intermediate iRules: Nested Conditionals

Certified Kubernetes Administrator - Study Group

Nested Loop for IRules Redirects

Intermediate iRules: Data-Groups

GTM synchronization group

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS