For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Grayson_149410's avatar
Grayson_149410
Icon for Nimbostratus rankNimbostratus
Nov 08, 2016

APM LDAP Auth Using Email Address

We are in the process of moving away from one HR system to another. By doing this, all of our warehouses users need to be able to log into some Sharepoint sites occasionally. We already have this se...
application delivery
BIG-IP Access Policy Manager (APM)
Michael_Jenkins's avatar
Michael_Jenkins
Icon for Cirrostratus rankCirrostratus
Nov 08, 2016

I just finished doing something similar. Essentially I modified the policy to allow 

domain\username
, 
username
(using default domain), and 
email
. Since you're asking about just email, I'll explain what I did there. (Note: we use AD instead of LDAP, but this is how I think it ought to work for you)

After the 

Login Page
action, I would use the 
LDAP Auth
action to search for the user. I would set the 
SearchFilter
to 
(mail=%{session.logon.last.logonname})
and the root LDAP DN in the 
SearchDN
.

From there, use an 

LDAP Query
action with the same 
SearchFilter
and 
SearchDN
and add whatever attributes you'll need (i.e. 
samaccountname
).

From there, you can add an 

SSO Credential Mapping
object using 
session.ldap.last.attr.sAMAccountName
for the 
SSO Token Username
property (may show up in the drop down there).

Hopefully that will help.