group mapping
2 Topics

APM Local DB multiple groups
Hi, I'm using APM with localdb authentication and performing a group lookup and resource assign ACLs based on the localdb group. It works well with one group and one set of ACLs per group. But what if I want a user to have ACLs from more than one group? Do I assign multiple groups to the user? I've sort of tried this but it did not work. Only ACLs from one group are applied. Is this sort of functionality supported or is the group field in localdb meant for only one group?

BIG-IQ not mapping AD groups to User Groups
I'm currently trying to get a BIG-IQ instance working correctly with a customer's AD service. This service already works 100% fine with the existing BIG-IP devices, confirming that the AD setup is ok. I've no doubt this is a PICNIC error on my part but I'm not an LDAP/AD person by trade.

We have managed to get the BIG-IQ to authenticate users so we know we have connectivity to the AD side of things. I've created a user group to map people who are in the F5Admins group so that they should automatically be given the role of Administrator.

What I've found out from performing an ldapsearch is that the username they type in (format Xnnnnnnnnn) doesn't appear in the search for the F5Admins group members and for some reason the BIG-IPs can handle this but the BIG-IQ cannot.

Below is the output from the ldapsearch:- (sanitised output)

    ldapsearch -x -h 1.2.3.4 -b "ou=xxxxx Global Groups,dc=xxxxx,dc=xxx,dc=uk" -s sub "(cn="F5Admins")" -v -D "cn=XXXX,ou=XXXXX Accounts,dc=xxxxx,dc=xxx,dc=uk" -W
    ldap_initialize( ldap://1.2.3.4 )
    Enter LDAP Password:
    filter: (cn=F5Admins)
    requesting: All userApplication attributes
    extended LDIF
    LDAPv3
    base with scope subtree
    filter: (cn=F5Admins)
    requesting: ALL
    F5Admins, (output snipped)
    dn: CN=F5Admins,OU=XXXX,ou=xxxxx Global Groups,dc=xxxxx,dc=xxx,dc=uk
    objectClass: top
    objectClass: group
    cn: F5Admins
    member: CN=Doe J (John),OU=xxxxx Admins,DC=xland,DC=xxx,DC=uk
    member: CN=Doe J (Jane),OU=xxxxx Users,DC=xland,DC=xxx,DC=uk
    member: CN=Doe J (Jack),OU=xxxxx Users,DC=xland,DC=xxx,DC=uk
    (output snipped but contains similar user information)
    distinguishedName: CN=F5Admins,OU=Misc,OU=xxxxx Global Groups,DC=xland,DC=xxx,DC=uk

I am unable to provide screenshots of the other parts of the config as it contains information that the customer doesn't want to be made public.