Forum Discussion

Mike_Ho's avatar
Mike_Ho
Icon for Cirrus rankCirrus
Sep 25, 2008

Dynamic members attribute

Can someone describe an example of how to use the "Dynamic members attribute" option when using the LDAP resource group mapping method? The help text mentions a URL to point to, but it's not clear wh...
BIG-IP Access Policy Manager (APM)
remote access
security
mal_57091's avatar
mal_57091
Icon for Nimbostratus rankNimbostratus
Oct 13, 2008
Hey Michael,

 

 

I just took a read through 6.0.3 admin guide on Dynamic member attribute and found (page 2-35):

 

 

In the Fetch group information from LDAP group object area, specify the attributes in the appropriate box.

 

• The Static members attribute relates to objects with multi-valued membership attributes such as the attribute that contains the list of the user’s DNs, for example, groupofNames, groupofUniqueNames.

 

• The Dynamic members attribute determines membership by executing an LDAP URL, for example, groupOfURLs, or an LDAP query that specifies criteria for a group’s membership.

 

 

Note: There is no group object, as such. That is, the LDAP URL exists only in the application that is using it.

 

 

To be honest i'm not a real LDAP guru but hopefully that helps.

 

 

So are you using LDAP for authentication or Group Mapping? Are you on 6.0.2 or 6.0.3? If so are you doing Resource Group mapping in each individual Master Group or globally? There may be a lot of value for you in separating up your Resource Group mappings on a per-Master Group basis. Perhaps this may save you having to maintain an LDAP database from hell ;-)

 

 

Kind Regards,

 

Mal