Forum Discussion
Dev_56330
Cirrus
Jan 15, 2018
Remote User Management - LDAP Client Cert
Has anyone successfully deployed LDAP using client cert authentication to the BIG-IP TMUI? I see the guide, though it is not very intuitive, so I was curious if anyone would be willing to share their ...
Dev_56330
Cirrus
Jan 15, 2018
Below is my current config, though for some reason, when modifying authentication methods for remote users, httpd stops with the error "err httpd[4467]: [error] Unable to configure verify locations for client authentication"
root@(bigip1)(cfg-sync Standalone)(ModuleNotLicensed::Active)(/Common)(tmos) show running-config auth
auth cert-ldap system-auth {
    bind-dn CN=Administrator,CN=Users,DC=test,DC=com
    bind-pw $M$O4$RMnF/vBcoSHr/NYmQqr7Yw==
    debug enabled
    login-attribute sAMAccountName
    login-filter [a-zA-Z0-9]\\\\w*(\\\?=@)
    login-name altSubjectName=Othername
    search-base-dn DC=test,DC=com
    servers { 10.1.20.10 }
    ssl-cname-field san-other
    ssl-cname-otheroid 1.3.6.1.4.1.311.20.2.3
    sso on
}
auth password-policy { }
auth remote-role {
    role-info {
        BIGIPadmins {
            attribute CN=BIGIPadmins,OU=Groups,DC=test,DC=com
            console tmsh
            line-order 1
            role administrator
            user-partition All
        }
    }
}
auth remote-user { }
auth source {
    type cert-ldap
}
auth user admin {
    description "Admin User"
    encrypted-password $6$CEtjm9Te$.VC8lUQnU1NcT0Udsgq6jtR.SSbASW2//e3tfxmRXzb4nv7E1E.Bb0KotT2C..rbRMpBgbdJNs1sBRFdiBHXm1
    partition Common
    partition-access {
        all-partitions {
            role admin
        }
    }
    shell none
}