Forum Discussion

Evan_25555's avatar
Historic F5 Account
May 10, 2012

Using LDAP attribute(s) to determine roles?

As our organization has grown, managing users and user roles has become very time consuming. Is there any means by which user roles could be assigned at login time using LDAP attributes (namely OU)?





For example, could we assign the role of "Application Editor" to all users that have an OU equaling "QA"?






If anyone has any other suggestions that may help lessen the administrative overhead involved in managing an ever growing user base, please share!












2 Replies

  • George_Watkins_'s avatar
    Historic F5 Account
    Hi Evan,



    The feature you're looking for is called "Remote Role Groups" and was introduced in BIG-IP version 11. You'll want to configure a remote authentication source (System > Users > Authentication) and input all the parameters for your LDAP server there. Next you'll create a Remote Role Group (System > Users > Remote Role Groups) for the QA group. Here is all the info you'll need: Configuring Remote User Authentication and Authorization.



    Hope that helps,