Configuring Smart Card Authentication and Kerberos Constrained Delegation in F5 Access Policy Manager (APM)
In previous articles, we have discussed the use of F5 BIG-IP as a SSL VPN and then followed up by adding endpoint security to the same Access Profile configuration we used for VPN access. I now wante...
Published Jul 10, 2018
Version 1.0
Honestly, I don't know that it really matters. There was some password reset limitations of using the LDAP query versus AD but I don't remember off the top of my head. However, in your case, this wouldn't be an issue unless you had a branch for users that didn't have a CAC that were still using UN/PW. The thing to remember is that the variable is going to change.
If you use LDAP you will use something like session.ldap.last.attr.sAMAccountName versus using AD will result in session.ad.last.attr.sAMAccountName.