How to configure APM to use AD Global Catalog 3268 and or 3269? Does APM support Authentication using Global Catalog?

Question

I'm using APM and there is a requirement to authenticate users through Global Cagalog instead of regular AD Kerberos or LDAP 389 636. We would like to use the AD Global Catalog which are basically 3268 and 3269 but can't seem to get this to work.

maynor_ovalle · Answer

Got an aswer from F5.  As of 11.4.1 Global Catalog is not supported yet for authentication.  Supported are ldap, ldaps, regular AD and Kerberos.&nbsp;

chris_stennie_1 · Answer

Any updates on this?  Has it been added to the current version?

dirtycache · Answer

Circling back to this as the post/question came up in a Google search -&nbsp;
You can utilize the global catalog by configuring it as an LDAP AAA server object, with the dependent pool members using port 3268/tcp.&nbsp;
That said, you won't have password change functionality with an LDAP AAA object like you would with AD due to them each using a different agent; the LDAP agent does not support this feature while the AD agent does, including against RODCs.&nbsp;

Forum Discussion

How to configure APM to use AD Global Catalog 3268 and or 3269? Does APM support Authentication using Global Catalog?

3 Replies

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Configuring APM Client Side NTLM Authentication

Doing mTLS Authentication per URL

Distributed caching of authentication requests with NGINX Ingress Controller

Configuring Smart Card Authentication to BIG-IP Management Interface