opers13_3280
Oct 17, 2009 Nimbostratus
LDAP configuration
I'm in the process of configuring LDAP on the F5.
Do I have to create an account in AD for the F5 so it can search LDAP?
Thanks
Opers13, yes. You do need an ID that has privileges to query your AD structure and verify users.
Here is a sample of the sections in our bigip.conf file that show remote roles for specific groups for admin and operators. Our generic login lets anyone come in as a guest. This allows us to specify remote groups with enhanced privileges.
remoterole {
   role info {
      ltm_admins {
         attribute "memberOf=CN=ltm_admins,CN=Groups,DC=ad,DC=redmond,DC=microsoft"
         line order 1000
         role "administrator"
         user partition "all"
      }
      ltm_operators {
         attribute "memberOf=CN=ltm_operators,CN=Groups,DC=ad,DC=redmond,DC=microsoft"
         line order 1010
         role "operator"
         user partition "all"
      }
   }
}
auth ldap system-auth {
   search base dn "dc=ad,dc=redmond,dc=microsoft"
   bind dn "cn=adsearch,cn=users,dc=ad,dc=redmond,dc=microsoft"
   bind pw "ourawesomesecretpassword"
   login attr "uid"
   user template "%s@ad.redmond.microsoft"
   servers "192.168.1.2"
}
I'm not a Microsoft employee and the above information is just an example.
Jason
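Added example, not part of the original posts and not F5 code: a Python check over a constructed config in the same syntax as the reply, which resolves the role a user gets from their `memberOf` values and flags any role entry whose group DN does not sit under the LDAP search base. The function names are hypothetical, it assumes the matching entry with the lowest line order wins, and the `guest` fallback follows the reply's description of the generic login.

```python
import re

# Constructed sample; the operators DN has a deliberately mistyped DC component.
SAMPLE_CONF = '''
remoterole {
   role info {
      ltm_admins {
         attribute "memberOf=CN=ltm_admins,CN=Groups,DC=ad,DC=redmond,DC=microsoft"
         line order 1000
         role "administrator"
         user partition "all"
      }
      ltm_operators {
         attribute "memberOf=CN=ltm_operators,CN=Groups,DC=ad,DC=redmod,DC=microsoft"
         line order 1010
         role "operator"
         user partition "all"
      }
   }
}
auth ldap system-auth {
   search base dn "dc=ad,dc=redmond,dc=microsoft"
}
'''

ENTRY = re.compile(
    r'(\w+)\s*\{\s*attribute "memberOf=([^"]+)"\s*line order (\d+)\s*role "([^"]+)"')

def norm(dn):
    # Naive DN normalisation: lower-case, trim; does not handle escaped commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_roles(conf):
    # Role entries sorted by ascending line order.
    rows = [dict(name=n, group=norm(g), order=int(o), role=r)
            for n, g, o, r in ENTRY.findall(conf)]
    return sorted(rows, key=lambda e: e["order"])

def outside_base(conf):
    # Names of entries whose group DN is not under the search base DN.
    base = norm(re.search(r'search base dn "([^"]+)"', conf).group(1))
    return [e["name"] for e in parse_roles(conf) if not e["group"].endswith("," + base)]

def resolve_role(conf, member_of, default="guest"):
    # Assumption: first match in ascending line order wins; no match -> default.
    groups = {norm(g) for g in member_of}
    for e in parse_roles(conf):
        if e["group"] in groups:
            return e["role"]
    return default
```

A role entry flagged by `outside_base` can never match a real directory group, so members of that group silently fall through to the default role.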