AD QUERY FOR APM POLICY

Oreoluwa
Altocumulus

Hi, how can I specify the group a user must be a member of in the AD Query component of the APM policy on the F5? It seems like there has to be a format for specifying the group in the AD Query. Please, I need help on this.


Yoann_Le_Corvi1
Cumulonimbus

Hi,

Are you talking about the Branch Rule?

Normally, in the AD Query, you can create a Branch Rule that sets:

Context: AD Query

Condition: User is Member Of

DN: CN=MY_GROUP, CN=Users, DC=MY_DOMAIN

It should be really straightforward.

Yoann

Yes, I know this format of the AD Query is what is the default on the F5 APM; however, it does not work. That is, the users in the group I specified in this DN are not seeing what they are expected to see on their portal access. They still see what every other user sees on the webtop.

Yoann_Le_Corvi1
Cumulonimbus

Hmm,

Can you confirm that the DN entered there matches the distinguishedName attribute shown in the Active Directory object editor for the user group in question?

Also, we occasionally hit limitations when the number of groups the user belongs to is too big. Could that be your case?

Yoann

Can you see and confirm from the APM debug logs whether those users are going through the expected branch or whether they hit another one?

Hi guys, so I found that there was an AD group resource assignment where I could specify groups I have imported from the Active Directory to the F5. This has worked in my lab and I have different portal views for different groups of users. However, at a production site, the import of groups is failing, showing an error "unable to import group". I have confirmed that the F5 can reach the AD and query it. It just doesn't import the groups. Any solution to this, please?

Hi,

Have you tried using the same user from the APM AD server config to query the AD server with "ldapsearch" on the command line?

Also, F5 will send requests to port 88 of the AD server when you configure AD in the "Active Directory" section, but if LDAP is used to configure AD, F5 will send requests to port 389 or 636. Hope this helps.
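The ldapsearch check suggested above, and the branch-rule DN from the first reply, can be verified together from a shell. The script below is an added example and is not code from the thread or from F5: it wraps the raw ldapsearch query (bind account, domain controller and base DN are placeholders) and then checks whether a user's memberOf values contain the DN typed into the "User is Member Of" branch rule, normalising case and spacing so that a cosmetic difference does not hide a real mismatch. The LDIF it parses offline is a constructed sample in the shape ldapsearch prints, including a folded line and a base64-encoded value.

```shell
#!/bin/sh
# Added example, not from the thread: reproduce the AD query from the command
# line with the same bind account APM uses, then check whether the user's
# memberOf values contain the group DN configured in the branch rule.
# dc1.example.com, DC=example,DC=com and the sample user/groups are placeholders.

# Raw query against the domain controller (not executed in this file). -W
# prompts for the bind password so it stays out of the process list. Port 389
# is plain LDAP; use ldaps://dc1.example.com:636 for LDAPS.
fetch_member_of() {
    # $1 = bind DN or UPN of the APM AD account, $2 = sAMAccountName to look up
    ldapsearch -LLL -x -H 'ldap://dc1.example.com' -D "$1" -W \
        -b 'DC=example,DC=com' "(sAMAccountName=$2)" memberOf
}

# Unfold LDIF (continuation lines start with one space) and print one
# memberOf value per line, decoding "memberOf::" base64 values.
extract_member_of() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (buf != "") print buf; buf = $0 }
         END { if (buf != "") print buf }' |
    while IFS= read -r line; do
        case "$line" in
            'memberOf:: '*) printf '%s' "${line#memberOf:: }" | base64 -d; echo ;;
            'memberOf: '*)  printf '%s\n' "${line#memberOf: }" ;;
        esac
    done
}

# AD DNs compare case-insensitively and spaces around separators are not
# significant, so normalise both sides before comparing.
normalize_dn() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' |
        sed -e 's/[[:space:]]*,[[:space:]]*/,/g' \
            -e 's/[[:space:]]*=[[:space:]]*/=/g' \
            -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# Prints "member" or "not-member". $1 = group DN as typed in the APM branch
# rule; LDIF from ldapsearch (or fetch_member_of) arrives on stdin.
user_is_member_of() {
    want=$(normalize_dn "$1")
    if extract_member_of | while IFS= read -r dn; do normalize_dn "$dn"; done |
        grep -qxF "$want"; then
        echo member
    else
        echo not-member
    fi
}

# Constructed ldapsearch output for a test user: one folded value and one
# base64 value, in the form ldapsearch prints them.
SAMPLE_LDIF='dn: CN=Jane Doe,OU=Staff,DC=example,DC=com
memberOf: CN=VPN-Users,OU=Groups,DC=example,DC=com
memberOf: CN=Finance,OU=Groups,DC=example,
 DC=com
memberOf:: Q049U2FsZXMgVGVhbSxPVT1Hcm91cHMsREM9ZXhhbXBsZSxEQz1jb20=
'

# Usage on a live directory (placeholders replaced):
#   fetch_member_of 'apm-svc@example.com' 'jdoe' | user_is_member_of 'CN=MY_GROUP, CN=Users, DC=MY_DOMAIN'
# Offline check with the constructed sample:
printf '%s' "$SAMPLE_LDIF" | user_is_member_of 'CN=finance, OU=Groups, DC=example, DC=com'
```

Two caveats when reading the result: memberOf lists direct group membership only, so a user's primary group and groups reached through nesting will not appear, and the DN that has to match is the full distinguishedName AD returns (all DC components included), not an abbreviated form. If the bind succeeds from the shell but the same account fails from APM, the difference is usually in what the BIG-IP can reach rather than in the account.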

Did you get this working, Oreoluwa?

If so, flag the question as answered.

Yes. Using AD group resource assignment after I had imported the group from AD on the F5.