Configuring Smart Card Authentication and Kerberos Constrained Delegation in F5 Access Policy Manager (APM)
Published Jul 10, 2018
Version 1.0Was this article helpful?
Honestly, I don't know that it really matters. There was some password reset limitations of using the LDAP query versus AD but I don't remember off the top of my head. However, in your case, this wouldn't be an issue unless you had a branch for users that didn't have a CAC that were still using UN/PW. The thing to remember is that the variable is going to change.
If you use LDAP you will use something like session.ldap.last.attr.sAMAccountName versus using AD will result in session.ad.last.attr.sAMAccountName.