AAA: LDAP Group caching issue
We have two AAA profiles using LDAP that are configured exactly alike - with the exception that one of them points towards an LDS (Lightweight Directory Services) server and the other points towards an AD (Active Directory) server. The issue is that the AAA profile that goes to AD is able to successfully cache groups. However, the AAA server that points towards LDS is unable to cache groups. It is however able to successfully authenticate users, so we know it works. The larger issue here is that when LDS is populated with thousands of users, we get an error that the size returned is too large and we are then unable to authenticate to LDS. Our work around is that we can hopefully cache everything on F5 but so far haven't had any success.
APM - Using AD as AAA server
AD credentials in AAA server configuration was ok for aproximatly 3 months, after that, password is changed for that username on AD, but I never changed this password in configuration on BIG IP, but VPN users are still able to connect. Is there some place for caching this information, or?