Forum Discussion

Colt_Majkrzak1's avatar
Icon for Nimbostratus rankNimbostratus
Mar 26, 2012

APM V11.1HF1 querying Active Directory

Hi Everyone,





I was wondering if anyone could shed some light on an issue I'm having with a LAB setup. I have a pretty average APM policy setup (Built from the wizard), but I'm attempting to check if the users are a member of a AD group, and assigning resources accordingly. So for example, members of Administrators would see the server(s) RDC connections, while everyone else would just be able to access apps/network connect.




To do this, I'm attempting to use 'Active Directory Auth has Passed' AND User is a member of


CN=Administrators, CN=Builtin, DC=mydomain, DC=local, which is set to the top most item in the branch rules. Below that is just a simple 'Active Directory Auth has Passed' condition. On execution of the policy, I will never hit the top most condition, no matter how many ways I've tried it. On further review, I noticed the following in the logging of APM.




Mar 25 22:31:49 apm debug apd[8648]: 01490000:7: AccessPolicyProcessor/AccessPolicy.cpp func: "execute()" line: 294 Msg: Rule to evaluate = "expr { [mcget {}] == 1 && [mcget {}] contains "CN=Administrators, CN=Builtin, DC=mydomain, DC=local" }"


Mar 25 22:31:49 apm debug apd[8648]: 01490000:7: ./AccessPolicyProcessor/Session.h func: "getSessionVar()" line: 240 Msg: variable "" was not found in the local cache for session "46ca3a01"


Mar 25 22:31:49 apm debug apd[8648]: 01490000:7: memcache.c func: "mc_convert_session_var_to_mc_key()" line: 854 Msg: Converted Var: to Session Var


Mar 25 22:31:49 apm debug apd[8648]: 01490000:7: ./AccessPolicyProcessor/Session.h func: "getSessionVar()" line: 262 Msg: variable "" for session "46ca3a01" was not found in MEMCACHED




Which tells me the var in memory is never actually populated. I have ran adtest and verified the F5 VM is able to communicate with AD, so I'm a bit at a loss on how I might get this working. If anyone has any tips, it would be a great help.



Thank You!



28 Replies