Forum Discussion
INTEGRATING LDAP AUTHENTICATION ON APM
Hi,
I am implementing Network Access and SSL VPN on APM and want to use LDAP authentication. I am having trouble determining the missing link in the sAMAccountName using this string:
sAMAccountName=%{session.logon.last.username}
I earlier implemented this in a vlab setup with successful login; however, in a live environment, I got a login error when I tried to log in. I substituted the sAMAccountName with uid=%{session.logon.last.username} (as in my vlab setup also) and tried to log on with a valid domain account (which failed), whereas the same procedure worked perfectly in the vlab setup. Please, what am I getting wrong: the sAMAccountName or some other settings?
Thank you.
2 Replies
- Stanislas_Piro2
Cumulonimbus
Hi,
Can you try the following command from the F5 command line to check whether the LDAP information is correct?
ldapsearch -xLLL -H 'ldap://LDAP_Server_IP' -b "LDAP_Search_root" -s sub -D "Admin_DN" -w 'Admin_PW' "(sAMAccountName=User_ID)"
Replace LDAP_Server_IP, LDAP_Search_root, Admin_DN, Admin_PW and User_ID with the right information.
Admin_DN can be either the userPrincipalName or the full DN.
If authentication succeeds and the user attributes are retrieved, execute the same command to try to authenticate the user (replace Admin_DN and Admin_PW with the user DN and user password).
If the first authentication fails, you may be using the wrong LDAP bindings.
- Stanislas_Piro2
Cumulonimbus
Hi,
The LDAP_Search_root is the LDAP Base DN (dc=company, dc=local).
The goal is to check:
- There is no connectivity issue (route, firewall)
- Admin credentials are OK
- Base DN is OK
- (sAMAccountName=User_ID) condition is the same as sAMAccountName=%{session.logon.last.username} in VPE.
If it is not OK, it will help you work out how to solve the issue.
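An added example, not part of the replies above: a POSIX shell wrapper that runs the admin-bind search from the first reply and maps the outcome to the four checks listed in the second. It assumes OpenLDAP's ldapsearch, which exits with the LDAP result code; the function names and output keywords are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes OpenLDAP's ldapsearch, which
# exits with the LDAP result code of the failed operation.

# Escape RFC 4515 filter metacharacters so the username is matched literally.
escape_filter_value() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Count LDIF entries: each starts with "dn:" ("dn::" when base64-encoded).
count_entries() {
    printf '%s\n' "$1" | grep -c '^dn:' || true
}

# Map an ldapsearch exit status and its LDIF output to the check it points at.
diagnose() {
    diag_rc=$1
    diag_n=$(count_entries "$2")
    case $diag_rc in
        0)  if [ "$diag_n" -eq 1 ]; then
                echo "ok"            # bind, base DN and filter all work
            elif [ "$diag_n" -eq 0 ]; then
                echo "filter"        # no match: wrong attribute (uid vs
                                     # sAMAccountName) or user outside base
            else
                echo "ambiguous"     # more than one entry matched
            fi ;;
        255) echo "connectivity" ;;  # -1: cannot contact server (route, firewall)
        49)  echo "credentials" ;;   # invalidCredentials: bind DN or password
        32)  echo "base_dn" ;;       # noSuchObject: search base does not exist
        *)   echo "other:$diag_rc" ;;
    esac
}

# Step 1 of the reply: bind as the admin account and search for the user.
# -W prompts for the password, keeping it out of argv and shell history;
# "1.1" requests no attributes, so only the DN is returned.
# usage: check_user ldap://LDAP_Server_IP "dc=company,dc=local" Admin_DN User_ID
check_user() {
    chk_filter="(sAMAccountName=$(escape_filter_value "$4"))"
    chk_rc=0
    chk_out=$(ldapsearch -x -LLL -H "$1" -b "$2" -s sub -D "$3" -W \
              "$chk_filter" 1.1) || chk_rc=$?
    diagnose "$chk_rc" "$chk_out"
}
```

For step 2, call check_user again with the user's DN from step 1 as the bind DN; a "credentials" result there points at the user's password, not the APM configuration.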