Active Directory (via LDAP) Authentication

Question

I've successfully set up AD Authentication off-loading with the LTM and Client Authentication module. So now in order for a user to hit our intranet site, they will have to have a valid AD account.&nbsp;
&nbsp;But what if I want to have multiple pages with different authorization requirements? www.intranet.com would be ok for anyone to see, but only members of GRP_Accounting should be able to visit www.intranet.com/accounting.&nbsp;
&nbsp;I assume I would create multiple profiles each with its own GROUP DN setting that's apropriate, and then an iRule for each URL? Has anyone done this before or am I simply asking the F5 to do to much and should handle this sort of access control on the web server itself?&nbsp;
&nbsp;TIA,&nbsp;
&nbsp;Eric Brander

fahad_a__bin_ma · Answer

can you tell me how you off load the authentication of AD on LTM.  can you send me the steps for this. &nbsp;

hooleylist · Answer

Hi fahadabm,&nbsp;
&nbsp;You can find docs on AskF5 which detail the configuration steps.  Here is an example for configuring AD authentication for client traffic (as opposed to administrative authentication for the GUI/console) in 9.3:&nbsp;
&nbsp;Manual Chapter: BIG-IP Local Traffic Manager version 9.3 Implementations: Configuring Remote Authentication for Application Traffic (Click here)&nbsp;
&nbsp;Aaron&nbsp;

Forum Discussion

Active Directory (via LDAP) Authentication

2 Replies

Recent Discussions

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

SMS server with BIGIP

Related Content

Azure Active Directory and BIG-IP APM Integration

Remote User Authentication (e.g. F5 admins) using Azure Active Directory

Active/Active load balancing examples with F5 BIG-IP and Azure load balancer

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Complete MFA solution with GA stored in Active Directory