Using LDAP attribute(s) to determine roles?

Question

As our organization has grown, managing users and user roles has become very time consuming. Is there any means by which user roles could be assigned at login time using LDAP attributes (namely OU)?

For example, could we assign the role of "Application Editor" to all users that have an OU equaling "QA"?

If anyone has any other suggestions that may help lessen the administrative overhead involved in managing an ever growing user base, please share!

Thanks!

Evan

george_watkins_ · Answer

Hi Evan, 
&nbsp;  
&nbsp; The feature you're looking for is called "Remote Role Groups" and was introduced in BIG-IP version 11. You'll want to configure a remote authentication source (System &gt; Users &gt; Authentication) and input all the parameters for your LDAP server there. Next you'll create a Remote Role Group (System &gt; Users &gt; Remote Role Groups) for the QA group. Here is all the info you'll need: Configuring Remote User Authentication and Authorization.  
&nbsp;  
&nbsp; Hope that helps, 
&nbsp;  
&nbsp; George

evan_25555 · Answer

Thank you, George-much appreciated!&nbsp;&nbsp;&nbsp;&nbsp;Evan&nbsp;

Forum Discussion

Using LDAP attribute(s) to determine roles?

Recent Discussions

Can you set Kerberos AAA server via session variable?

HTML Code injection Not detected by ASM

What will be happen to live and existing connections when failover HA BIG IP active-standby

SSL Offload and remove FQDN

High CPU utilization (100%).

Related Content

iControl REST Fine-Grained Role Based Access Control

ASM Policies role based access

TACACS+ Remote Role Configuration for BIG-IP

User roles per partition: are multiple possible?

Using BIG-IQ to Determine Differences Between Advanced WAF Policies

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS