Forum Discussion
Daniel_Ao_10370
Nimbostratus
NimbostratusAuthentication through ldap or local database
I have an LTM and I would like to enable authentication when client initiate session to the backend servers. Is it possible to authenticate users through Active Directory? Is Authentication module required? Can I write an irules to do this?
hoolioCirrostratus
Yes it is possible to authenticate client traffic to a virtual server using Active Directory (using the remote LDAP configuration) and yes it requires the Advanced Client Authentication module. You can search for
v10 - Remote authentication of client traffic using LDAP or Active Directory
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_implementations_guide_10_0_0/sol_app_auth.html1022202
v9.4.2+ - Remote authentication of client traffic using LDAP or Active Directory
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_sol_guide_943/sol_app_auth.html1022202
Advanced Client Authentication Module
http://www.f5.com/products/big-ip/feature-modules/advanced-client-authentication.html
Aaron
Daniel_Ao_10370I don't have any authentication modules on my BIGIP. Can I use local database to authenticate? Is it required any modules when using local database??- hoolioI'm pretty sure you need to buy the ACA to use any remote database for client authentication. And no, you cannot configure the local admin database for client authentication.
If you can use HTTP to send the auth request to a remote host, you could use HTTP::retry as described in Deb's article:
Conditioning iRule Logic on External Information - 1 - HTTP::retry
http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=105
Aaron