Forum Discussion
Peter_Baumann
May 18, 2018
Example of a working config with Active Directory
- You need to change bind-dn, bind-pw and servers for your AD
- Change the remote-role according to your AD group objects
- The UPN (userPrincipalName) will be used for login (e.g. name@domain.com)
In tmsh, use "load sys config merge from-terminal" and paste the following text:
LDAP Access

auth ldap system-auth {
    bind-dn CN=yourusername,OU=yourorg,DC=domain,DC=com
    bind-pw yourpassword
    login-attribute userPrincipalName
    port ldaps
    search-base-dn DC=domain,DC=com
    servers { dc.domain.com }
    ssl enabled
}
auth remote-role {
    role-info {
        LDAP-Administrator {
            attribute "memberOF=CN=Domain Admins,DC=domain,DC=com"
            console tmsh
            line-order 1
            role administrator
            user-partition All
        }
        LDAP-ReadOnly {
            attribute "memberOF=CN=Domain Users,DC=domain,DC=com"
            line-order 2
            role guest
            user-partition All
        }
    }
}
auth remote-user {
    default-partition Common
}
auth source {
    type active-directory
}
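The two role-info entries above are evaluated in ascending line-order and the first entry whose group DN appears in the user's memberOf values wins, so the order decides which role a user who belongs to both groups receives. The script below is an added example, not F5 code or part of the original post: it parses a role-info block in the same form as the one above and simulates that first-match evaluation against constructed memberOf lists, including what happens when the two line-order values are swapped. The DN normalisation and the "no match means no role" outcome are assumptions of this simulation.

```python
"""Simulate BIG-IP remote-role evaluation for the role-info block above.

Added example (not F5 code). Assumes: entries are tried in ascending
line-order, first matching memberOF value wins, and a user matching no
entry gets no role (the remote-user default-role is not set here).
"""
import re
from dataclasses import dataclass

# Same two entries as the forum config, with the attribute value quoted
# because it contains a space.
ROLE_INFO_CONFIG = """\
LDAP-Administrator {
    attribute "memberOF=CN=Domain Admins,DC=domain,DC=com"
    console tmsh
    line-order 1
    role administrator
    user-partition All
}
LDAP-ReadOnly {
    attribute "memberOF=CN=Domain Users,DC=domain,DC=com"
    line-order 2
    role guest
    user-partition All
}
"""


@dataclass(frozen=True)
class RoleInfo:
    name: str
    group_dn: str        # DN after "memberOF=" in the attribute property
    line_order: int
    role: str
    user_partition: str
    console: str = "disabled"   # assumed default when console is not set


BLOCK_RE = re.compile(r"(\S+)\s*\{([^}]*)\}", re.S)


def parse_role_info(text):
    """Parse 'Name { key value ... }' blocks into RoleInfo entries."""
    entries = []
    for name, body in BLOCK_RE.findall(text):
        props = {}
        for line in body.strip().splitlines():
            key, _, value = line.strip().partition(" ")
            props[key] = value.strip().strip('"')
        attr = props["attribute"]
        if not attr.startswith("memberOF="):
            raise ValueError(f"{name}: only memberOF attributes are modelled")
        entries.append(RoleInfo(
            name,
            attr[len("memberOF="):],
            int(props["line-order"]),
            props["role"],
            props["user-partition"],
            props.get("console", "disabled"),
        ))
    return entries


def normalize_dn(dn):
    # AD DNs are case-insensitive; drop whitespace around RDN separators.
    return ",".join(part.strip().lower() for part in dn.split(","))


def resolve_role(member_of, role_info):
    """Return the first RoleInfo (by line-order) whose group the user is in."""
    groups = {normalize_dn(g) for g in member_of}
    for entry in sorted(role_info, key=lambda e: e.line_order):
        if normalize_dn(entry.group_dn) in groups:
            return entry
    return None   # no matching entry: login is refused in this model


def swap_line_order(role_info):
    """Reverse the two line-order values to show why ordering matters."""
    return [RoleInfo(e.name, e.group_dn, 3 - e.line_order, e.role,
                     e.user_partition, e.console) for e in role_info]


# Constructed memberOf values for three sample accounts.
ADMIN_MEMBER_OF = ["CN=Domain Admins,DC=domain,DC=com",
                   "CN=Domain Users,DC=domain,DC=com"]
USER_MEMBER_OF = ["cn=domain users,dc=domain,dc=com"]
OUTSIDER_MEMBER_OF = ["CN=Guests,DC=other,DC=com"]

if __name__ == "__main__":
    entries = parse_role_info(ROLE_INFO_CONFIG)
    for label, groups in [("admin", ADMIN_MEMBER_OF), ("user", USER_MEMBER_OF),
                          ("outsider", OUTSIDER_MEMBER_OF)]:
        hit = resolve_role(groups, entries)
        print(label, "->", hit.role if hit else "denied")
    print("admin with swapped line-order ->",
          resolve_role(ADMIN_MEMBER_OF, swap_line_order(entries)).role)
```

Running it shows the admin account resolving to administrator, the plain user to guest and the outsider to no role; with the line-order values swapped the same admin account silently drops to guest, which is the check worth doing before trusting a role-info block with overlapping group memberships.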