AD/LDAP Auth on rSeries F5-OS
AD/LDAP auth on F5-OS seems unnecessarily complicated compared to how TMOS handles it. Does anyone have this working in their environment? If so, can you explain which attributes are created (F5-F5OS-UID, F5-F5OS-GID, uidNumber, gidNumber, etc.) and if they are applied directly to the AD user and/or AD group? The config guide mentions that F5-F5OS-GID is the only required attribute (F5-F5OS-UID defaults to 1001). It's not clear to me if this attribute must be added directly to the user account or if it can be created in an AD group that the user is a member of. Then there is aSolution Article that says LDAP requires the user have a uidNumber and gidNumber. The AD group must have a gidNumber that corresponds to the associated group ID of the F5 system role. They provide an example of a AD user and AD group showing uidNumber and gidNumber, but there is no reference to F5-F5OS-GID.
Why do we use username and password in Healthcheck Monitor ?
Hi Team , We have an LDAP VIP , and we could see the heathcheck monitor which is applied to the pool has username password enabled and used . Why do we need to authenticate first before checking the services on the server ? When do we really need to enable username/pasword option in monitoring ?
iRules LX for APM password reset
We are attempting to use APM as a Self-Service Password Reset resolution. I can modify Active Directory attributes than to this article https://devcentral.f5.com/s/articles/apm-cookbook-modify-ldap-attribute-values-using-iruleslx-21850 , however, has anyone used iRules LX to reset a password. I'll validate the user first with other methods but want to reset a forgotten password rather than the APM built-in Kerberos API reset with the current password to update to a new one. Thanks