Forum Discussion
opers13_3280
Nimbostratus
Oct 17, 2009
LDAP configuration
I'm in the process of configuring LDAP on the F5.
Do I have to create an account in AD for the F5 so it can search LDAP??
thanks
Jason_40733
Cirrocumulus
Mar 21, 2012
Nagesh, your error is giving you invalid credentials. I'd double check your DN and password for your query userid. Also, check your "usertemplate" definition. I'm not running version 9 so I can't say for certain.
Opers13, Yes. You do need an ID that has privileges to query your AD structure and verify users.
Here is a sample of the sections in our bigip.conf file that show remote roles for specific groups for admin and operators. Our generic login lets anyone come in as a guest. This allows us to specify remote groups with enhanced privileges.
remoterole {
    role info {
        ltm_admins {
            attribute "memberOf=CN=ltm_admins,CN=Groups,DC=ad,DC=redmond,DC=microsoft"
            line order 1000
            role "administrator"
            user partition "all"
        }
        ltm_operators {
            attribute "memberOf=CN=ltm_operators,CN=Groups,DC=ad,DC=redmond,DC=microsoft"
            line order 1010
            role "operator"
            user partition "all"
        }
    }
}
auth ldap system-auth {
    search base dn "dc=ad,dc=redmond,dc=microsoft"
    bind dn "cn=adsearch,cn=users,dc=ad,dc=redmond,dc=microsoft"
    bind pw "ourawesomesecretpassword"
    login attr "uid"
    user template "%s@ad.redmond.microsoft"
    servers "192.168.1.2"
}
I'm not a Microsoft employee and the above information is just an example.
Jason
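A way to sanity-check remote-role stanzas like the ones quoted above before loading them, as an added example that is not part of the original post or any F5 tooling. It flags group DNs that do not end in the search base (a cheap heuristic for a mistyped domain component) and shows which role a user's `memberOf` values would resolve to. Assumptions: entries are evaluated lowest `line order` first with the first match winning, DNs are compared case-insensitively, and the `example.test` config is constructed sample data.

```python
import re

# Constructed sample in the layout of the stanzas quoted above (not a real config).
SAMPLE = '''
remoterole {
  role info {
    ltm_admins {
      attribute "memberOf=CN=ltm_admins,CN=Groups,DC=ad,DC=example,DC=test"
      line order 1000
      role "administrator"
    }
    ltm_operators {
      attribute "memberOf=CN=ltm_operators,CN=Groups,DC=ad,DC=exmaple,DC=test"
      line order 1010
      role "operator"
    }
  }
}
auth ldap system-auth {
  search base dn "dc=ad,dc=example,dc=test"
}
'''

ENTRY = re.compile(r'(\w+)\s*\{\s*attribute\s+"memberOf=([^"]+)"\s*'
                   r'line order\s+(\d+)\s*role\s+"(\w+)"', re.I)

def norm(dn):
    """Lower-case a DN and drop spaces around commas (assumed comparison rule)."""
    return ",".join(p.strip().lower() for p in dn.split(","))

def parse(conf):
    # Returns the search base and the entries sorted by line order (lowest first).
    base = norm(re.search(r'search base dn\s+"([^"]+)"', conf).group(1))
    entries = [(int(o), name, norm(dn), role) for name, dn, o, role in ENTRY.findall(conf)]
    return base, sorted(entries)

def lint(conf):
    """Names of remote-role entries whose group DN lies outside the search base."""
    base, entries = parse(conf)
    return [name for _, name, dn, _ in entries if not dn.endswith("," + base)]

def resolve(conf, member_of):
    """Role of the first entry (lowest line order) matching one of the user's groups."""
    _, entries = parse(conf)
    groups = {norm(g) for g in member_of}
    for _, _, dn, role in entries:
        if dn in groups:
            return role
    return None
```

In the sample, the mistyped `DC=exmaple` means a real member of the operators group matches no entry and falls through to whatever default role the box grants.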
