Big-IQ LDAP User Bind Template

​After digging some more, I found the info below.  I confirmed with our AD team that the user ID is the separate sAMAccountName and can't be used with DN format so the only way we can use our username is with a UPN formatted template.  According to the info below, support for UPN is supposed to be in 6.0 but we installed 6.1 and the UPN format is not supported in the GUI so I don't know what the deal is.  I have that question into F5 and awaiting a response.

680899 : Support for UPN binding in Active Directory authentication providers

Component: REST Framework and TMOS Platform

Symptoms:

BIG-IQ 5.4 and earlier does not allow binding to Active Directory using the UPN (e.g., username@example.com), but only using the DN (cn=username,dc=example,dc=com).

Conditions:

Authentication.

Impact:

This is unwieldy and rather uncommon in an environment using an Active Directory domain controller. Moreover, we mandated using a dedicated bind account for both LDAP and AD authentication providers, which is not allowed in certain organizations.

Workaround:

Use a DN to bind to Active Directory

Fix:

BIG-IQ version 6.0.0 now includes support for binding to external Active Directory auth providers using a User Bind Template either in the User Principal Name (UPN) format, e.g., {username}@domainname.example.com, or in the Down-Level Logon Name format, e.g., domainname\{username}.

We also no longer require specifying a bind user to authenticate a user against an external LDAP or Active Directory authentication provider.