For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

NetAdminCoop_36's avatar
NetAdminCoop_36
Icon for Nimbostratus rankNimbostratus
May 17, 2018

Unable to use LDAP for Administrator Login to our LTM

Hello:   I need to configure LDAP for administrators to log into the management interface of our LTM (BIG-IP 12.1.2 Build 1.0.271 Hotfix HF1). I have followed several articles on this but no luck....
BIG-IP
LTM
security
Peter_Baumann's avatar
Peter_Baumann
Icon for Cirrostratus rankCirrostratus
May 18, 2018
Example of a working config with Active Directory
  • You need to change bind-dn, bind-pw and servers for your AD
  • Change the remote-role according to your AD group objects
  • The UPN (userPrincipalName) will be used for login (e.g. name@domain.com)

Use in tmsh "load sys config merge from-terminal" and paste the following text:

 LDAP Access
auth ldap system-auth {
    bind-dn CN=yourusername,OU=yourorg,DC=domain,DC=com
    bind-pw yourpassword
    login-attribute userPrincipalName
    port ldaps
    search-base-dn DC=domain,DC=com
    servers { dc.domain.com }
    ssl enabled
}

auth remote-role {
    role-info {
        LDAP-Administrator {
            attribute memberOF=CN=Domain Admins,DC=domain,DC=com
            console tmsh
            line-order 1
            role administrator
            user-partition All
        }
        LDAP-ReadOnly {
            attribute memberOF=CN=Domain Users,DC=domain,DC=com
            line-order 2
            role guest
            user-partition All
        }
    }
}
auth remote-user {
    default-partition Common
}
auth source {
    type active-directory
}