Forum Discussion
Hello Bryan.
Check this:
https://devcentral.f5.com/s/question/0D51T00007BG1Pc/insert-client-ip-address-on-ldap-vs
Regards,
Dario.
- Bryan_T_ Sep 02, 2020 (MVP)
Thanks. That is interesting but doesn't really help in a practical sense as you won't be able to correlate the source IP with the BIND request that actually locked out the account.
- Sep 02, 2020
Hello Bryan.
It's not possible to inject source IP into an AD request, the same way as with HTTP XFF.
The only way is to disable automap.
The link shows an example of how to log AD queries by user/real-IP to an external syslog server. Maybe it's a higher level of complexity than you were looking for, but if you find a way to let AD check those logs before taking the decision to lock out some user, that would be a way to work around your issue.
I know it's hard, but sometimes customer requirements are too unrealistic :-).
Regards,
Dario.