Remote Active Directory Authentication w/ e-mail address
Hello Guys, I came across a question from a customer today where we've configured Active Directory authentication for users logging in to the BIGIP. It is working perfectly with no problems. The customer's question for me was whether it would be possible to use the user's entire email address (DN) instead of the username alone, i.e., wguilherme@f5demo.com instead of only wguilherme. I have configured it in my lab and the authentication works fine, but not with the e-mail address. I tried different approaches but nothing made it work. See below my screenshots of my lab configuration. Do you know if it is possible?
Authentication
Remote Role Groups
Thank you very much
Willian Guilherme Vancouver - Canada
Hey Guys, thank you very much for your help. @nitass your configuration is perfect and worked like a charm. I initially used the following lines, but it did not work even with the userprincipalname because I had the "user-template" configured.
```
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos)# list auth ldap system-auth
auth ldap system-auth {
    bind-dn cn=administrator,cn=users,dc=f5demo,dc=com
    bind-pw $M$Xz$R6vSMU6JwXX/2bq2Cksu/g==
    login-attribute userprincipalname
    search-base-dn cn=users,dc=f5demo,dc=com
    servers { 192.168.1.100 }
    user-template %s@f5demo.com
}
```
My new configuration is just like yours. The "User-Template" should be left blank; otherwise it will make the BIGIP use only the userid instead of the combination userid + DN.
Working configuration:

```
root@(bigip1)(cfg-sync Standalone)(Active)(/Common)(tmos)# list auth ldap system-auth
auth ldap system-auth {
    bind-dn cn=administrator,cn=users,dc=f5demo,dc=com
    bind-pw $M$vD$R97Nbf7gLgGgbO44TBHByA==
    login-attribute userprincipalname
    search-base-dn cn=users,dc=f5demo,dc=com
    servers { 192.168.1.100 }
}
```
![Image Text](/Portals/0/Users/187/75/146875/ScreenShot2014-08-20at9.00.53PM.png)

Thank you very much fellows ;)
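The difference between the two configurations above, as an added example that is not part of the original post and is not F5 code. It is a simplified model that assumes a configured user-template is filled with the typed login and used directly as the bind identity, while a blank template triggers a search on login-attribute; the directory entry and all function names are constructed for illustration.

```python
# Simplified model (assumption, not F5 code) of how an LDAP client can turn
# a typed login into the identity it binds with.

# Constructed sample directory: DN -> attributes.
DIRECTORY = {
    "cn=Willian Guilherme,cn=users,dc=f5demo,dc=com": {
        "samaccountname": "wguilherme",
        "userprincipalname": "wguilherme@f5demo.com",
    },
}
# Identities the sample AD accepts in a simple bind: every DN and every UPN.
BINDABLE = {dn.lower() for dn in DIRECTORY} | {
    a["userprincipalname"].lower() for a in DIRECTORY.values()}

def escape_filter(value):
    """Escape RFC 4515 special characters in a filter assertion value."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def bind_identity(login, cfg):
    """Return (identity or None, how it was derived) for a typed login."""
    template = cfg.get("user-template")
    if template:
        # Template mode: the typed login replaces %s; no directory search.
        return template.replace("%s", login), "template"
    # Search mode: match login-attribute under search-base-dn, bind as that DN.
    attr = cfg["login-attribute"].lower()
    base = cfg["search-base-dn"].lower()
    flt = "(%s=%s)" % (attr, escape_filter(login))
    for dn, attrs in DIRECTORY.items():
        if dn.lower().endswith(base) and attrs.get(attr, "").lower() == login.lower():
            return dn, flt
    return None, flt

def can_login(login, cfg):
    """True if the derived identity is one the sample directory would accept."""
    identity, _ = bind_identity(login, cfg)
    return identity is not None and identity.lower() in BINDABLE

# The two configurations from the post, reduced to the relevant keys.
FIRST = {"login-attribute": "userprincipalname",
         "search-base-dn": "cn=users,dc=f5demo,dc=com",
         "user-template": "%s@f5demo.com"}
WORKING = {k: v for k, v in FIRST.items() if k != "user-template"}

if __name__ == "__main__":
    for name, cfg in (("first", FIRST), ("working", WORKING)):
        for login in ("wguilherme", "wguilherme@f5demo.com"):
            print(name, login, bind_identity(login, cfg), can_login(login, cfg))
```

In this model the first configuration turns the full address into `wguilherme@f5demo.com@f5demo.com`, which matches no account, while the working configuration resolves the address to the user's DN through the `userprincipalname` search.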