Using LDAP attribute(s) to determine roles?

Question

As our organization has grown, managing users and user roles has become very time consuming. Is there any means by which user roles could be assigned at login time using LDAP attributes (namely OU)?

For example, could we assign the role of "Application Editor" to all users that have an OU equaling "QA"?

If anyone has any other suggestions that may help lessen the administrative overhead involved in managing an ever growing user base, please share!

Thanks!

Evan

george_watkins_ · Answer

Hi Evan, 
&nbsp;  
&nbsp; The feature you're looking for is called "Remote Role Groups" and was introduced in BIG-IP version 11. You'll want to configure a remote authentication source (System &gt; Users &gt; Authentication) and input all the parameters for your LDAP server there. Next you'll create a Remote Role Group (System &gt; Users &gt; Remote Role Groups) for the QA group. Here is all the info you'll need: Configuring Remote User Authentication and Authorization.  
&nbsp;  
&nbsp; Hope that helps, 
&nbsp;  
&nbsp; George

evan_25555 · Answer

Thank you, George-much appreciated!&nbsp;&nbsp;&nbsp;&nbsp;Evan&nbsp;

Forum Discussion

Using LDAP attribute(s) to determine roles?

2 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

2026 is Almost Here

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

VIP in https that redirect to another vip in https

2026 301a exam

F5OS login with admin/root failed via console

Related Content

iControl REST Fine-Grained Role Based Access Control

Ansible - Upload Certificates requires Administrator Role?

TACACS+ Remote Role Configuration for BIG-IP

ASM Policies role based access

Using BIG-IQ to Determine Differences Between Advanced WAF Policies

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS