Forum Discussion
OK, I had this exact issue today and have got this working with Active Directory groups on the BIG-IQ. My configuration is as follows:
Bind User: Required
Bind Password: Required
Root DN: DC=contoso,DC=com
Authentication Method: Simple
Search Scope: Subtree
Search Filter: (sAMAccountName={username})
User Display Name Attribute: displayName
Group Display Name Attribute: cn
Group Search Filter: (&(ObjectCategory=Group)(cn=F5*))
Group Membership Filter: (|(member={userDN})(uniqueMember={userDN}))
Note: my groups contain F5 in the name, which is referenced in the group search filter.
Now go and create a user group, selecting LDAP as the authentication method. Leave the remote group filter blank and select search; this should populate a drop-down box with all AD groups that match the criteria above. Select the appropriate group and map a role, and you should be able to log in as long as the account is a member of the group.
Hopefully this helps someone.
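Added example (not part of the original post and not BIG-IQ's own code): the filter templates above can be checked by hand against AD before they are entered in BIG-IQ. This sketch fills in `{username}` and `{userDN}` with RFC 4515 escaping and builds the matching OpenLDAP `ldapsearch` commands. The server URI, bind DN, user name and user DN are constructed sample values, and the combined filter in the third check is an assumption made for manual testing.

```python
# Added example, not BIG-IQ code: render the post's filter templates and build
# ldapsearch (OpenLDAP client) commands to check them by hand against AD.
import re
import shlex

ROOT_DN = "DC=contoso,DC=com"                      # Root DN from the post
USER_FILTER = "(sAMAccountName={username})"        # Search Filter
GROUP_FILTER = "(&(ObjectCategory=Group)(cn=F5*))" # Group Search Filter
MEMBER_FILTER = "(|(member={userDN})(uniqueMember={userDN}))"

# RFC 4515: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_value(value):
    """Escape a value so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def render(template, **values):
    """Fill {placeholders} in one pass, escaping every substituted value."""
    return re.sub(r"\{(\w+)\}", lambda m: escape_value(values[m.group(1)]), template)

def ldapsearch_cmd(uri, bind_dn, ldap_filter, *attrs):
    """-x simple bind, -W prompt for the bind password, -s sub = Subtree scope."""
    argv = ["ldapsearch", "-x", "-H", uri, "-D", bind_dn, "-W",
            "-b", ROOT_DN, "-s", "sub", ldap_filter, *attrs]
    return " ".join(shlex.quote(a) for a in argv)

def checks(uri, bind_dn, username, user_dn):
    """Three manual checks: user lookup, group list, this user's F5* groups."""
    member = render(MEMBER_FILTER, userDN=user_dn)
    return [
        ldapsearch_cmd(uri, bind_dn, render(USER_FILTER, username=username), "displayName"),
        ldapsearch_cmd(uri, bind_dn, GROUP_FILTER, "cn"),
        # Assumption: AND-ing the two filters is only a convenience for manual
        # testing, not a statement of how BIG-IQ combines them internally.
        ldapsearch_cmd(uri, bind_dn, "(&" + GROUP_FILTER + member + ")", "cn"),
    ]

if __name__ == "__main__":
    # Constructed sample values; replace with your own directory's.
    for cmd in checks("ldaps://dc01.contoso.com",
                      "CN=svc-bigiq,OU=Service,DC=contoso,DC=com",
                      "jsmith",
                      r"CN=Smith\, John (Ops),OU=Users,DC=contoso,DC=com"):
        print(cmd)
```

If the first command returns no entry, the Bind User or Search Filter is at fault; if the second returns no groups, the Group Search Filter is.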
Hi Raheem,
Can you please explain with examples: we are using BIG-IQ 6.1.0v
Bind User: Required <<<< for this
Bind Password: Required <<<< for this
Root DN: DC=contoso,DC=com
Authentication Method: Simple
Search Scope: Subtree
Search Filter: (sAMAccountName={username})
User Display Name Attribute: displayName
Group Display Name Attribute: cn
Group Search Filter: (&(ObjectCategory=Group)(cn=F5*))
Group Membership Filter: (|(member={userDN})(uniqueMember={userDN}))