Abdessamad1
Jun 02, 2016 (Cirrostratus)
LDAP admin authentication - nested group membership
Dear,
I would like to give access to a BIG-IP (running version 12.1.0) to users based on their group membership.
I have authentication working fine, and I can get group membership if the group is directly assigned to the user.
But I can't find a way to instruct the F5 to do recursive queries on nested groups.
auth ldap system-auth {
    bind-dn
    bind-pw *****
    check-roles-group enabled
    debug enabled
    login-attribute sAMAccountName
    search-base-dn
    servers { }
    user-template %s@
}
auth remote-role {
    role-info {
        Admins {
            attribute memberOf=
            console tmsh
            line-order 1
            role administrator
            user-partition All
        }
    }
}
Thanks for your assistance.
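The behaviour described in the post, shown as an added example that is not part of the original post or of any F5 code: a comparison against an entry's own `memberOf` values only sees direct groups, while a nested check has to walk the group chain. The directory contents and all DNs are constructed; the last function assumes the directory is Active Directory (suggested by `sAMAccountName`) and builds a filter using its `LDAP_MATCHING_RULE_IN_CHAIN` matching rule, which resolves nesting on the server side.

```python
from collections import deque

BASE = "DC=example,DC=test"                      # constructed sample directory
ADMINS = f"CN=F5-Admins,OU=Groups,{BASE}"
NETOPS = f"CN=NetOps,OU=Groups,{BASE}"
ALICE, BOB, CAROL = (f"CN={n},OU=Users,{BASE}" for n in ("alice", "bob", "carol"))

# memberOf values per entry: direct memberships only, as a plain lookup returns them.
MEMBER_OF = {
    ALICE: [NETOPS],     # reaches F5-Admins only through NetOps
    BOB: [ADMINS],       # direct member
    CAROL: [],
    NETOPS: [ADMINS],
    ADMINS: [NETOPS],    # deliberate loop: the walk below must terminate
}

def _norm(dn):
    # DN comparison here is case-insensitive and ignores surrounding whitespace.
    return dn.strip().lower()

def _index(directory):
    return {_norm(k): [_norm(g) for g in v] for k, v in directory.items()}

def direct_match(entry_dn, group_dn, directory=MEMBER_OF):
    """True only if group_dn is among the entry's own memberOf values."""
    return _norm(group_dn) in _index(directory).get(_norm(entry_dn), [])

def nested_match(entry_dn, group_dn, directory=MEMBER_OF):
    """Breadth-first walk up the memberOf chain, with a visited set for loops."""
    index, target = _index(directory), _norm(group_dn)
    seen, queue = set(), deque([_norm(entry_dn)])
    while queue:
        for parent in index.get(queue.popleft(), []):
            if parent == target:
                return True
            if parent not in seen:
                seen.add(parent)
                queue.append(parent)
    return False

def escape_filter_value(value):
    """RFC 4515 escaping so a DN cannot alter the structure of the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def in_chain_filter(group_dn):
    """Active Directory transitive-membership filter (matching rule OID)."""
    return "(memberOf:1.2.840.113556.1.4.1941:=%s)" % escape_filter_value(group_dn)
```
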