Forum Discussion
m_joseph_95412
Nimbostratus
NimbostratusAPM Resource Assigning
I have stand alone APM which users using authentication with MS AD.
There are many user groups in AD that can access different resources, the issue is there are some users belong to multiple groups so how can I use VPE to ADquery into all user group and then combine all their resources to show on webtop?. or requires the irule?
hooleylistCirrostratus
Hi LM,
You should be able to do this in the visual policy editor by:
Enabling 'fetch nested groups' in the AD query object.
Add each group to resource mapping in an AND'd list. Each group check will be performed and the corresponding resource assigned
Email me if you want more info: aaron at f5 dot com
Aaron
boneyardMVP
based on the above answer i implemented this with a "full resource assignment" VPE element in which in the Properties screen based on AD group membership the requested resource is assigned. a user that has several group memberships just gets all of the corresponding assignments.
Bertrand_8797Hi all,
I have a similar issue. I'm working with AD group ressource assign. When I have a user belonging to more than one group I get this error message :Configuration error. The configuration includes more than one Network Access resource with auto launch. Please contact your system administrator for assistance.
I tried, AD group ressource assign box to create a new entry with Group1 and Group2 and ressource but the configuration doesn't solve the error message ! Do I have to create on branch by type of memberOf ? Why the AD group assign is not able to check if one user is belonging to 2 or more groups ?
Thanks for your response.
BD
THiAPM Access Manual: Configuring Webtops states: "Note: If you add a network access resource with Auto launch enabled to the full webtop, the network access resource starts when the user reaches the webtop. You can add multiple network access resources to a webtop, but only one can have Auto launch enabled." Think APM tries to start two NA resources (one from each group) and errors. Obviously APM does not allow multiple auto launch Network Access resources to same user, only one per time.