Forum Discussion
APM dynamically retrieve last logon computername using LDAP RDP portal access
Dear All,
I am looking for a way to migrate a complex Pulsesecure remote access solution, every internal employee has their own RDP connection to access their workstation from home. This way of working they would like to retain. There are lots of local users configured with RDP resources and I am trying to find a more dynamic and manageable approach, so why not search the Active Directory where the user was logged on and use that information (computer name) to automatically setup a RDP connection to their workstation.
Does anybody know how to retrieve this information via a LDAP query? And also dynamically setup an RDP connection to the computername?
Your ideas are more then welcome.
- youssef1Cumulonimbus
Hi,
First of you have to asked to your AD admin if you store this kind of information (workstation info in AD attribute which is not the case by default).
If not you can asked to AD admin or IAM (Identity access manager) if they can add this information in AD.
You can also manage this in F5 using Datagroup to attribute a Workstation IP by user but it's not great in terms of administration and maintenance.
The last alternative is to let user enter his workstation manually after authentication process and save it in sessiontable to avoid user to enter his workstation name/ip to each connection.
Regards
- RossVermetteNimbostratus
I'm not sure what the LDAP query attribute would be, but... we use an "AD Query" with the following: SearchFilter: (samAccountName=%{session.logon.last.username})Required Attributes (optional): 1. memberOf, 2. desktopProfile.
Then we do a Domain Variable Assignment: session.ad.last.attr.desktop.Profile = AD attribute name desktopProfile
For your Remote Desktop application object: the host name would be set to: %{session.ad.last.attr.desktopProfile}
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com