My user account is a member of my Microsoft Active Directory RBAC group
This Microsoft Active Directory RBAC group is a member of the group created for F5 Admin
I have created these same groups on my LTM in the remote role groups with the same name as my AD group that RBAC is a member of:
The only way I can validate that I can authenticate to LDAP at all is when I enable the "External Users" in the authentication config. This successfully authenticates me with LDAP, but since I don't match any groups, it just logs me in as Guest instead of Administrator. At least I can see LDAP working ...
While working with another vendor I had to configure that system to use a recursive LDAP search in order to get LDAP to work with the Microsoft Active Directory RBAC groups.
If this is possibly the same issue, is there a method to enable a recursive search on the F5?
If this is not likely the issue, what have I configured incorrectly that is preventing my users from authenticating with proper roles?
Any pointers would be appreciated as I need to get a working solution.
This issue was resolved via F5 support, who advised me to modify the configuration in "remote role group" to add "memberOf=" in front of the group name I entered in the attribute string field for the defined group. This allowed me to log in with a user in Active Directory who was explicitly assigned to the group in question.
I have however discovered that if you have this group in another nested group within Active Directory, authentication still fails. From what I have researched, the limited scope available in the LDAP configuration is lacking the "recursive" query option for LDAP.
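An added example (not from the original post) that models the difference the poster ran into: the remote role group attribute string `memberOf=<group DN>` is compared against the user's memberOf attribute, which lists only direct groups, so a user whose membership comes through a nested group does not match. All DNs are constructed sample values; the recursive filter shown uses Active Directory's LDAP_MATCHING_RULE_IN_CHAIN matching rule, and whether the F5 remote role configuration accepts such a filter is not something the post states.

```python
# Added example, not from the original post: models why an F5 remote role
# group with attribute string "memberOf=<group DN>" matches only users listed
# directly in that group, while nested AD membership needs a recursive check.
# All DNs below are constructed sample values.

# Constructed AD data: each group DN maps to the DNs it lists as members.
AD_GROUPS = {
    "CN=F5-Admins,OU=Groups,DC=example,DC=com": [
        "CN=RBAC-NetOps,OU=Groups,DC=example,DC=com",  # nested group
        "CN=bob,OU=Users,DC=example,DC=com",           # direct user member
    ],
    "CN=RBAC-NetOps,OU=Groups,DC=example,DC=com": [
        "CN=alice,OU=Users,DC=example,DC=com",         # member only via nesting
    ],
}


def direct_member_of(dn):
    """What AD returns in an object's memberOf attribute: direct groups only."""
    return {g for g, members in AD_GROUPS.items() if dn in members}


def transitive_member_of(user_dn):
    """Groups a recursive (nested) search finds, following group-in-group links."""
    found, todo = set(), list(direct_member_of(user_dn))
    while todo:
        group = todo.pop()
        if group not in found:
            found.add(group)
            todo.extend(direct_member_of(group))  # groups this group belongs to
    return found


def f5_role_matches(user_dn, group_dn):
    """Mimics the remote role group attribute string 'memberOf=<group_dn>'."""
    return group_dn in direct_member_of(user_dn)


def recursive_filter(group_dn):
    """LDAP filter using AD's LDAP_MATCHING_RULE_IN_CHAIN extensible match
    (OID 1.2.840.113556.1.4.1941), which resolves nested membership server-side."""
    return f"(memberOf:1.2.840.113556.1.4.1941:={group_dn})"


if __name__ == "__main__":
    admins = "CN=F5-Admins,OU=Groups,DC=example,DC=com"
    for user in ("CN=bob,OU=Users,DC=example,DC=com",
                 "CN=alice,OU=Users,DC=example,DC=com"):
        print(user, "direct:", f5_role_matches(user, admins),
              "nested:", admins in transitive_member_of(user))
    print(recursive_filter(admins))
```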