Forum Discussion

bboyjnr_8532
Apr 09, 2014

Ldap query not returning memberOf

Hi Guys,

 

I'm trying and failing miserably to set up an LDAP query in the VPE to assign resources based on group membership, but it's not assigning the memberOf attribute :(


AD2008 TMOS 11.4.1 HF3

 

LDAP Query Settings...

 

searchDN = DC=test,DC=local
filter = sAMAccountName=%{session.logon.last.username}
branch rule = expr { [mcget {session.ldap.last.attr.memberOf}] contains "CN=Users,DC=test,DC=local" }


In the debug logs I cannot see the below entry...


Session variable 'session.ldap.last.attr.memberOf' set to '| CN=TS Web Access Computers,CN=Users,DC=test,DC=local | CN=superuser,CN=Users,DC=test,DC=local | CN=Remote Desktop Users,CN=Builtin,DC=f5demo,DC=local |'

 

The above log is from another test machine of mine, which is working but uses AD2003.


The account used in the LDAP AAA object is a Domain Admins member, so rights should not be causing the issue, because I am pulling info such as...


Session variable 'session.ldap./Common/apm2_profile_act_ldap_query_ag.attr.userPrincipalName' set to 'test@test.local'

 

It would appear that what is coming from AD is less info than what is being pulled in my test lab.


Has anyone come across this at all and have a resolution, or any hints and tips on how to resolve this issue?


thanks,

 

B

 

1 Reply

  • Hi Guys,

     

    As an FYI, the issue was with AD groups: switched to a security group as opposed to an OU and hey presto.


    thanks,

     

    B
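The branch rule in the post tests the memberOf value with `contains`, which is a plain substring match, so a string like "CN=Users,DC=test,DC=local" is satisfied by any group that merely lives in the Users container. The following Python is an added example, not code from the thread or from F5: it parses the pipe-delimited memberOf format shown in the quoted log line and compares whole group DNs instead. The sample value is constructed from the DNs in the post, and the function names are my own.

```python
import re
from typing import List

# Constructed sample in the same layout as the
# session.ldap.last.attr.memberOf log line quoted in the post.
SAMPLE_MEMBER_OF = (
    "| CN=TS Web Access Computers,CN=Users,DC=test,DC=local "
    "| CN=superuser,CN=Users,DC=test,DC=local "
    "| CN=Remote Desktop Users,CN=Builtin,DC=f5demo,DC=local |"
)


def parse_member_of(value: str) -> List[str]:
    """Split the pipe-delimited session variable into individual group DNs."""
    return [dn.strip() for dn in value.split("|") if dn.strip()]


def normalize_dn(dn: str) -> str:
    """Canonicalise a DN for comparison: trim whitespace around each RDN
    (splitting only on unescaped commas) and lower-case the result."""
    parts = [p.strip() for p in re.split(r"(?<!\\),", dn)]
    return ",".join(parts).lower()


def substring_check(value: str, needle: str) -> bool:
    """Mirror of the Tcl `contains` test in the post: true if `needle`
    appears anywhere in the raw attribute string."""
    return needle in value


def is_member_of(value: str, group_dn: str) -> bool:
    """True only if `group_dn` equals one complete DN in the memberOf list."""
    target = normalize_dn(group_dn)
    return any(normalize_dn(dn) == target for dn in parse_member_of(value))


if __name__ == "__main__":
    container = "CN=Users,DC=test,DC=local"
    group = "CN=superuser,CN=Users,DC=test,DC=local"
    print("substring match on container:", substring_check(SAMPLE_MEMBER_OF, container))
    print("exact match on container:    ", is_member_of(SAMPLE_MEMBER_OF, container))
    print("exact match on group:        ", is_member_of(SAMPLE_MEMBER_OF, group))
```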