Forum Discussion
Jason_40733
Sep 24, 2013
Cirrocumulus
Here is what our 10.2 LDAP auth definition looks like in the bigip.conf file to our 2008 AD Directory server.
auth ldap system-auth {
    search base dn "dc=prod,dc=ad,dc=bigcompany"
    bind dn "cn=ldapverify,cn=users,dc=prod,dc=ad,dc=bigcompany"
    bind pw "ldapverifypassword"
    login attr "uid"
    user template "%s@prod.ad.bigcompany"
    servers "10.10.10.10"
}
This section in our bigip.conf defines the role for remote users.
remote users {
    default partition all
    default role guest
}
We use the following in our 10.2 LTM setup to define additional remote roles in addition to the default access granted AD accounts. This is also in the bigip.conf file.
remoterole {
    role info {
        slb_admins {
            attribute "memberOf=CN=slb_admins,CN=Groups,DC=prod,DC=ad,DC=bigcompany"
            console "disable"
            line order 1000
            role "administrator"
            user partition "all"
        }
        slb_appeditors {
            attribute "memberOf=CN=slb_appeditors,CN=Groups,DC=prod,DC=ad,DC=bigcompany"
            console "disable"
            line order 1020
            role "app editor"
            user partition "all"
        }
        slb_operators {
            attribute "memberOf=CN=slb_operators,CN=Groups,DC=prod,DC=ad,DC=bigcompany"
            console "disable"
            line order 1010
            role "operator"
            user partition "all"
        }
    }
}
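
Added example, not part of the original post and not F5 code: a small Python model of how the remoterole entries and the remote users defaults above resolve to an effective role, useful for reviewing who ends up with which access. It assumes BIG-IP's rule that the matching entry with the lowest line order wins and that attribute matching ignores case and spacing; the function names are hypothetical.

```python
import re

# Entries transcribed from the post's remoterole block:
# (name, attribute, line order, role, user partition)
ROLE_INFO = [
    ("slb_admins", "memberOf=CN=slb_admins,CN=Groups,DC=prod,DC=ad,DC=bigcompany", 1000, "administrator", "all"),
    ("slb_appeditors", "memberOf=CN=slb_appeditors,CN=Groups,DC=prod,DC=ad,DC=bigcompany", 1020, "app editor", "all"),
    ("slb_operators", "memberOf=CN=slb_operators,CN=Groups,DC=prod,DC=ad,DC=bigcompany", 1010, "operator", "all"),
]
DEFAULT = ("guest", "all")  # "remote users" block: default role, default partition

def normalize(attr):
    # Assumption: attribute matching ignores case and spaces around '=' and ','.
    return re.sub(r"\s*([=,])\s*", r"\1", attr.strip()).lower()

def effective_role(member_of):
    """Return (role, partition, matched entry name) for a user's memberOf DNs."""
    held = {normalize("memberOf=" + dn) for dn in member_of}
    matches = [e for e in ROLE_INFO if normalize(e[1]) in held]
    if not matches:
        return DEFAULT + (None,)  # no group matched: remote users defaults apply
    # Assumption: the matching entry with the lowest line order takes precedence.
    name, _, _, role, partition = min(matches, key=lambda e: e[2])
    return (role, partition, name)

def audit():
    """Return review findings about the mapping as a list of strings."""
    findings = []
    orders = [e[2] for e in ROLE_INFO]
    if len(set(orders)) != len(orders):
        findings.append("duplicate line order values: precedence is ambiguous")
    findings.append("accounts matching no entry fall back to role %r on partition %r" % DEFAULT)
    return findings

if __name__ == "__main__":
    base = "CN=Groups,DC=prod,DC=ad,DC=bigcompany"  # constructed sample memberships
    samples = ([], ["CN=slb_operators," + base],
               ["CN=slb_operators," + base, "CN=slb_admins," + base])
    for groups in samples:
        print(groups, "->", effective_role(groups))
    for finding in audit():
        print("finding:", finding)
```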