AD query not working

Question

Hi everyone, &nbsp;
for some reason, my AD query is not working. When I check if the user is a member of a specific group, I get an access deny, altought the user is in the right group. My query is like this:&nbsp;
Expression: User is a member of CN=BigIP_EXTUSER_MULTI,OU=EXTUSER,OU=MS Users,DC=xx,DC=xxxx,DC=xxx.&nbsp;
Straight and forward but somehow, getting an access deny&nbsp;
In y query, the option Fetch Primary is enabled and the other options are disabled.&nbsp;
Any ideas on why it ain't working?&nbsp;
Tks&nbsp;

snl · Answer

Wht error observed on APM session reports , Also refer below KB ADtest&nbsp;
AD test link&nbsp;

stanislas_piro2 · Answer

Hi,&nbsp;
Is the user member of this group or is he member of a nested group?&nbsp;
for troubleshooting, can you edit VPE with following box:&nbsp;
add a message box after AD query fallback branch (branch where the user doesn't match group mapping)
when the user is authenticated but doesn't match group mapping, the browser may display the added message box. don't click on continue for now... this stop policy evaluation for next step...&nbsp;
then in "manage session" page (access overview / active session in version 13 and 14), find your session and click on "view variables"&nbsp;
then search memberOf variable... find if the expected group is in this attribute.&nbsp;

Forum Discussion

AD query not working

Recent Discussions

I used the wrong email account when take Application Delivery Exam (101)

F5 iControl REST API - viewBy Parameter Issue in Analytics Report

'F5 rules for AWS WAF' ruleset not working for jsp web shell attack

Disable ssl or https for the embed url

did not show checkbox on chrome while access through f5

Related Content

iRuleLX Solution for OAUTH JWT authenticated Salesforce Query

iRule Processing query

Pool downtime query

BIG-IP Advanced Firewall Manager (AFM) DNS NXDOMAIN Query Attack Type Walkthrough - part two

BIG IP DNS - Queries Per Second

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS