
Abdessamad_851
Jun 02, 2016

LDAP admin authentication - nested group membership


I would like to give access to a BIG-IP (running version 12.1.0) to users based on their group membership.

I have authentication working fine, and I can get group membership if the group is directly assigned to the user.

But I can't find a way to instruct the F5 to do recursive queries on nested groups.

auth ldap system-auth {
    bind-pw *****
    check-roles-group enabled
    debug enabled
    login-attribute sAMAccountName
    servers {  }
    user-template %s@
}
auth remote-role {
    role-info {
        Admins {
            attribute memberOf=
            console tmsh
            line-order 1
            role administrator
            user-partition All
        }
    }
}

Thanks for your assistance.

4 Replies