Forum Discussion
Nova_201357
Altocumulus
AltocumulusAPM Dynamic ACL assignment from AD
Greetings!
I had a static ACL applied to a Network Access Resource. In testing static assignment, it worked fine. So I took the same logic and formatted as a F5 ACL, put it in AD, in the test acc...
Nova_201357Altocumulus
AltocumulusHey there,
So for anyone who tried this, Brad is right. The ACL must be a single string with all the ACEs concatenated together. In my case, I had to clear out the AD attribute and paste the properly formatted ACL for it to work.
Thanks for the tips Brad!
BTW, F5 should consider documenting things like that!
Cheers, Mike
- Where do you think the best place would be to document it? This question comes up sometimes when people put characters like CRLF, or other things that don't translate well to session variables which are plain one-line ascii. In that case, it's auto-transformed to hex encoding.
Walter_Kacynsk1Nimbostratus
I would settle on the fact to document how Dynamic ACLs should be represented in AD/LDAP within the product documentation. Information on these are scarce to say the least. However their power is great in that group management is already externalized, so it would make sense to pair the ACLs with the group assignments.- Nova_201357I'd update this: https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-implementations-11-5-0/2.htmlconceptid Just add a caveat or a link to a sol doc that goes into greater detail. Thanks, Mike
