F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Ruggerfly1's avatar
Ruggerfly1
Icon for Nimbostratus rankNimbostratus
Apr 26, 2016

APM AD Query Search Filter options

Good Morning

 

I have an AD Query used in a multi domain policy. the policy appends domain so login is fine however, however the AD Query fails as some Users do not have a UPN.

 

IN the AD Query how can I tell it to search for one or the other?

 

Works for some (sAMAccountName=%{session.logon.last.username}) Need this for the others (CN=%{session.logon.last.username}) as that attribute is set for all.

 

thanks

 

BIG-IP Access Policy Manager (APM)
security

4 Replies

  • Josiah_39459's avatar
    Josiah_39459
    Historic F5 Account
    Apr 26, 2016

    Sounds like you need to use an Empty box in the VPE with branch rules to check the domain session variable (session.logon.last.domain usually, or wherever else you are storing it). Then you can send one group of users to one AD query and send the other group of users to the other one.

     

    • Ruggerfly1's avatar
      Ruggerfly1
      Icon for Nimbostratus rankNimbostratus
      Apr 26, 2016
      For the 2nd AD Query will this work Search Filter? Was thinking it might be LDAP only. If so then I could use the variable based off domain and send UPN to AD Query, other to LDAP query. (CN=%{session.logon.last.username})
    • Josiah_39459's avatar
      Josiah_39459
      Historic F5 Account
      Apr 26, 2016
      There's no real reason to use AD query over LDAP query, so just go with the LDAP query.