authorization then authentication?

Question

Is there a way I can pull attributes from LDAP before sending authentication request? 
&nbsp;  
&nbsp; This is what I would like to achieve: a user will be prompted for credentials, after entering them I want the LTM to find if the user is authorized to use this service by pulling attributes from LDAP for this user and if positive then send the authentication request. This will prevent sending to LDAP each and every attempt from the internet and reduce the probability of locking out accounts in LDAP 
&nbsp;  
&nbsp; Thanks 
&nbsp;

tarsier_90410 · Answer

Did you ever find a way to do this? &nbsp;

sam_111661 · Answer

I have managed to make this work by using the "Filter" in the LDAP server configuration on the LTM. I have set the filter to "attr=allowed". Now when the LTM looks for the user in LDAP it will look for "uid=username and attr=allowed" and will return a positive result only if the user=username has the attribute "attr=allowed" in LDAP; if the attribute doesn't exist the result will be user not found even if the user is there 
&nbsp;  &nbsp;

Forum Discussion

authorization then authentication?

Recent Discussions

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

FTP PASV mode to Extended Passive mode

Oracle JDBC SSL Termination failing on F5

APM for banner and cert

An Irule for Client Ssl Profile that Allows Unassigned TLS Extension Values (17516)

Related Content

JWT authorization with NGINX Ingress Controller

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Resolve Citrix Secure Ticket Authority (STA)

iControl REST Authentication Token Management

Doing mTLS Authentication per URL

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS