Forum Discussion

Nimbostratus

Sep 24, 2013

Need help to configure BIGIP LTM to use MS Active Directory for authenticating BIGIP system user accounts for MGMT Interface

Hi, I am doing one BIGIP LTM Virtual Edition 10.1 ( 90 days trial) setup in our lab to test the appliance. In this process I was trying to configure the appliance to use Microsoft 2008 Active Direct...

BIG-IP Access Policy Manager (APM)

Cirrocumulus

Sep 24, 2013

Here is what our 10.2 ldap auth definition looks like in the bigip.conf file to our 2008 AD Directory server.

auth ldap system-auth {
   search base dn "dc=prod,dc=ad,dc=bigcompany"
   bind dn "cn=ldapverify,cn=users,dc=prod,dc=ad,dc=bigcompany"
   bind pw "ldapverifypassword"
   login attr "uid"
   user template "%s@prod.ad.bigcompany"
   servers "10.10.10.10"
}

This section in our bigip.conf defines the role for remote users.

remote users {
   default partition all
   default role guest
}

We use the following in our 10.2 LTM setup to define additional remote roles in addition to the default access granted AD accounts. This is also in the bigip.conf file.

remoterole {
   role info {
      slb_admins {
         attribute "memberOf=CN=slb_admins,CN=Groups,DC=prod,DC=ad,DC=bigcompany"
         console "disable"
         line order 1000
         role "administrator"
         user partition "all"
      }
      slb_appeditors {
         attribute "memberOf=CN=slb_appeditors,CN=Groups,DC=prod,DC=ad,DC=bigcompany"
         console "disable"
         line order 1020
         role "app editor"
         user partition "all"
      }
      slb_operators {
         attribute "memberOf=CN=slb_operators,CN=Groups,DC=prod,DC=ad,DC=bigcompany"
         console "disable"
         line order 1010
         role "operator"
         user partition "all"
      }
   }
}

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)