LDAP admin authentication - nested group membership
Dear,
I would like to give access to a BIG-IP (running version 12.1.0) to users based on their group membership.
I have authentication working fine, and I can get group membership if the group is directly assigned to the user.
But I don't find a way to instruct the F5 to do recursive queries on nested groups.
auth ldap system-auth {
    bind-dn
    bind-pw *****
    check-roles-group enabled
    debug enabled
    login-attribute sAMAccountName
    search-base-dn
    servers { }
    user-template %s@
}
auth remote-role {
    role-info {
        Admins {
            attribute memberOf=
            console tmsh
            line-order 1
            role administrator
            user-partition All
        }
    }
}
Thanks for your assistance.
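The following is an added example, not F5 code and not part of the original post: it models why a role mapping that compares the literal `memberOf=` attribute only sees direct membership, and what a recursive expansion of nested groups (the kind the replies attribute to the APM LDAP Query agent) has to do, including loop protection for groups that are members of each other. The directory entries, DNs and group names are constructed for illustration.

```python
# Added example (not F5 code): direct vs. nested LDAP/AD group membership.
# The remote-role mapping in the question matches the configured
# "attribute memberOf=<group DN>" string against the memberOf values stored
# on the user entry itself. Membership inherited through a nested group is
# not on that entry, so it never matches unless the chain is walked.

from typing import Dict, List, Set

# Constructed sample directory: DN -> attributes (all names are made up).
DIRECTORY: Dict[str, Dict[str, List[str]]] = {
    "CN=alice,OU=Users,DC=example,DC=com": {
        "objectClass": ["user"],
        "memberOf": ["CN=NetOps,OU=Groups,DC=example,DC=com"],
    },
    "CN=bob,OU=Users,DC=example,DC=com": {
        "objectClass": ["user"],
        "memberOf": ["CN=BIGIP-Admins,OU=Groups,DC=example,DC=com"],
    },
    "CN=NetOps,OU=Groups,DC=example,DC=com": {
        "objectClass": ["group"],
        "memberOf": ["CN=BIGIP-Admins,OU=Groups,DC=example,DC=com"],
    },
    "CN=BIGIP-Admins,OU=Groups,DC=example,DC=com": {
        "objectClass": ["group"],
        # Deliberate cycle: AD permits groups to be members of each other,
        # so a naive recursion would loop forever.
        "memberOf": ["CN=NetOps,OU=Groups,DC=example,DC=com"],
    },
}

ADMIN_GROUP = "CN=BIGIP-Admins,OU=Groups,DC=example,DC=com"


def direct_groups(user_dn: str) -> Set[str]:
    """Only the memberOf values stored on the user entry itself."""
    return set(DIRECTORY.get(user_dn, {}).get("memberOf", []))


def transitive_groups(user_dn: str) -> Set[str]:
    """Walk memberOf recursively; the visited set stops cycles."""
    seen: Set[str] = set()
    stack = list(direct_groups(user_dn))
    while stack:
        group = stack.pop()
        if group in seen:
            continue
        seen.add(group)
        stack.extend(DIRECTORY.get(group, {}).get("memberOf", []))
    return seen


def matches_role_direct(user_dn: str, group_dn: str) -> bool:
    """Literal match of the configured DN against direct memberOf only."""
    return group_dn in direct_groups(user_dn)


def matches_role_nested(user_dn: str, group_dn: str) -> bool:
    """The same check after expanding nested membership."""
    return group_dn in transitive_groups(user_dn)


if __name__ == "__main__":
    for user in ("CN=alice,OU=Users,DC=example,DC=com",
                 "CN=bob,OU=Users,DC=example,DC=com"):
        print(user,
              "direct:", matches_role_direct(user, ADMIN_GROUP),
              "nested:", matches_role_nested(user, ADMIN_GROUP))
```

Alice is only a member of NetOps, which is itself a member of BIGIP-Admins, so the direct check denies her the administrator role while the nested check grants it; Bob matches either way. Active Directory can perform this expansion server-side when a filter uses the LDAP_MATCHING_RULE_IN_CHAIN matching rule (OID 1.2.840.113556.1.4.1941), but that requires issuing a filter, which is a different mechanism from the direct attribute comparison the system-auth role mapping performs.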
Hi,
I've exactly the same question. How to handle nested groups (groups in groups) in AD for Mgmt access.
Thanks Thrillseeker
- Anthony_Graber (Employee)
As far as I know, you need to reference all of the groups individually. Nested groups will not work.
- Pedro_Haoa (Ret. Employee)
Hi,
The only way I know is through BIG-IP APM, with the LDAP Query Agent, which returns nested groups in session variables.
More info:
- Findus (Altostratus)
Hi, does anyone know if this behaviour has been changed in newer releases? Especially with 13.1?
Cheers, Peter