Forum Discussion
youssef1
May 29, 2018
Hi Carol.
I think that your problem is a system problem.
Can you try an LDAP query without APM, in order to check whether your relationship is correct and whether what you want to do is possible (an LDAP query to AD1 that will forward to AD2...)?
https://support.f5.com/csp/article/K15811
- Use the following ldapsearch command to send LDAP queries to the server.
ldapsearch [options] [filter [attributes...]]
- For example, the following command queries the LDAP server 172.24.171.1 for a BIG-IP administrative user account named bigipwasa:
ldapsearch -x -h 172.24.171.1 -D "cn=admin,dc=askf5,dc=pslab,dc=local" -w askf5 -b 'uid=bigipwasa,ou=Users,dc=askf5,dc=pslab,dc=local' '(objectclass=*)'
Another possibility is to modify your policy:
- logon page
- LDAP query on AD1
- if the AD1 result is successful, forward the user to AD1 for authentication.
- if the LDAP query on AD1 fails, forward the user to AD2 for authentication...
Regards
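The branching policy suggested above (query AD1 first, authenticate against whichever directory knows the user), modelled in Python as an added example; this is not code from the original post, from F5 APM, or from the K15811 article. The Directory class, the base DNs and the user accounts are constructed stand-ins for real LDAP servers. It also shows the one edge case the policy sketch leaves open: an LDAP query that errors (AD1 unreachable) is different from one that returns no match, and falling through to AD2 on an error would let a same-named account in AD2 satisfy the logon while AD1 is down.

```python
# Added example: models the APM-style fallback "LDAP query on AD1 -> AD1 auth,
# otherwise AD2 auth". Everything below is constructed test data, not real
# servers or real credentials.
import hashlib
from dataclasses import dataclass, field


def _h(password: str) -> str:
    """Hash a password for the in-memory directory (stand-in for the real store)."""
    return hashlib.sha256(password.encode()).hexdigest()


@dataclass
class Directory:
    """Stand-in for one LDAP/AD server (hypothetical class, not an ldap3 API)."""
    name: str
    base_dn: str
    users: dict = field(default_factory=dict)  # sAMAccountName -> password hash
    reachable: bool = True                     # flip to False to simulate an outage

    def query(self, username: str):
        """Return the user's DN, None if the user does not exist, or raise on outage
        (the analogue of an LDAP timeout / bind failure, which is not 'no match')."""
        if not self.reachable:
            raise ConnectionError(f"{self.name} unreachable")
        if username in self.users:
            return f"cn={username},{self.base_dn}"
        return None

    def authenticate(self, username: str, password: str) -> bool:
        stored = self.users.get(username)
        return stored is not None and stored == _h(password)


def select_directory(username: str, directories, fallback_on_error: bool = False):
    """Walk the directories in policy order; return the first one that knows the user.

    With fallback_on_error=False (the safer default) an outage on an earlier
    directory denies the logon instead of silently routing the user to the
    next directory, where an unrelated account with the same name may exist.
    """
    for d in directories:
        try:
            if d.query(username) is not None:
                return d
        except ConnectionError:
            if not fallback_on_error:
                return None
    return None


def logon(username: str, password: str, directories, fallback_on_error: bool = False):
    """Return (authenticated, directory_name_or_None) for one logon attempt."""
    d = select_directory(username, directories, fallback_on_error)
    if d is None:
        return (False, None)
    return (d.authenticate(username, password), d.name)


def build_sample():
    """Constructed directories: 'carol' lives in AD1, 'bob' only in AD2, and a
    second, unrelated 'carol' exists in AD2 to show why error fallback matters."""
    ad1 = Directory("AD1", "ou=Users,dc=ad1,dc=example", {"carol": _h("pw-ad1")})
    ad2 = Directory("AD2", "ou=Users,dc=ad2,dc=example",
                    {"bob": _h("pw-ad2"), "carol": _h("other")})
    return ad1, ad2


if __name__ == "__main__":
    ad1, ad2 = build_sample()
    print(logon("carol", "pw-ad1", [ad1, ad2]))   # (True, 'AD1')
    print(logon("bob", "pw-ad2", [ad1, ad2]))     # (True, 'AD2')
    ad1.reachable = False
    print(logon("carol", "other", [ad1, ad2]))    # (False, None): AD1 outage denies
    print(logon("carol", "other", [ad1, ad2], fallback_on_error=True))  # (True, 'AD2')
```

In a real APM policy the "query" step is the LDAP Query agent and the "authentication" step is the LDAP Auth agent pointed at the matching server; the point of the model is that the success branch should be taken only on a positive match, and the outage case should be decided deliberately rather than treated as "user not in AD1".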