Using RBAC With iControlREST on BIG-IP

BIG-IP is able to use built-in Role-Based Access Control (RBAC) functionality.  The operator function will be used in this example.  This article gives some guidance on how you can use such a role in...
Published Dec 22, 2016
Version 1.0
cloud
devops
iControlREST
LTM
seilemor_131269's avatar
seilemor_131269
Icon for Altostratus rankAltostratus
Apr 12, 2017

I've playing around with the iControl feature. My goal is to setup a monitoring solution based on iControl possibilities.

 

Now I've the following issue:

 

Using the local admin accont will work. I can read and write data:

 

curl -sk -u admin https://HOSTNAME/mgmt/tm/ltm/pool/POOLNAME/members/~Common~NODENAME -H "Content-Type: application/json" -X PATCH -d '{ "session":"user-enabled", "state":"user-down" }'

Using an ActiveDirectory Account I can read data, but if I try to write data using the command from above I'll get the following issue:

 

{"code":400,"message":"Found unexpected URI tmapi_mapper/ltm/~Common~pool/POOLNAME/members/~Common~NODENAME.","errorStack":[],"apiError":1}

Now I don't know whats the problem here. I already tested a lot with different passwords, user roles, the Header X-F5-Auth-Token, patching the iControl_REST_API_User Group... nothing will work. Does anyone else has an idea what I can test now?

 

Thanks...