LDAP authentication configuration on F5 BIG-IP

F5 BIG-IP can be configured to authenticate with LDAP server based on freeipa. We can do the same by configuring the autentication settings as such:

Web interface:

System > Users > Authentication

User Directory: Remote - LDAP
Host: ipa.example.com <This is the ip or hostname of the LDAP server reachable from F5 device>
Port: 636 <636 for LDAPS and 389 for LDAP>
Remote Directory Tree: cn=users,cn=accounts,dc=example,dc=com <this is the directory of user to 
seach from>
Scope: Sub
Bind DN: uid=readonly,cn=users,cn=accounts,dc=example,dc=com <username that has read access to 
the LDAP server>
Password: xxxxxxxxxxxxxxxxxxxxxxxx <password for the same user>

User Template: uid=%s,cn=users,cn=accounts,dc=example,dc=com 
Check Member Attribute in Group [x]
SSL: Disabled

SSL CA Certificate: None
SSL Client Key: None
SSL Client Certificate: None
Login LDAP Attribute	uid

External Users <If no remote group is matched, authenticated users will get this role>
Role: No Access
Partition Access: Common
Terminal Access: Disabled

Remote Role Groups: <this is compared before external users. It is used to assign roles to users
based on their group>

Group name: sysadmin 
Line Order: 1001
Attribute String:
memberOf=cn=sysadmin,cn=groups,cn=accounts,dc=example,dc=com <specifying the group name to be 
Assigned Role: Administrator

Group name: development
Line Order: 1002
Attribute String:
Assigned Role: Manager

Was this article helpful?

Related Articles

Leave A Comment?