Manual Chapter : About LDAP Auth

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 15.0.0
Manual Chapter

About LDAP Auth

An LDAP Auth action authenticates a user against an AAA LDAP server. An LDAP Auth action provides these configuration elements and options.
When configured in a per-request policy subroutine, some screen elements and options described here might not be available.
Type
Specifies Authentication, the type of this LDAP action.
Server
Specifies an LDAP server; servers are defined in the
Access
Authentication
area of the Configuration utility.
SearchDN
Specifies the base node of the LDAP server search tree to start the search with.
SearchFilter
Specifies the search criteria to use when querying the LDAP server for the user's information. Session variables are supported as part of the search query string. Parentheses are required around search strings; (
sAmAccountName
=%{
session.logon.last.username
})
UserDN
Specifies the Distinguished Name (DN) of the user. The DN can be derived from session variables.
Show Extended Error
When enabled, causes comprehensive error messages generated by the authentication server to display on the user's logon page. This setting is intended only for use in testing, in a production or debugging environment. If enabled in a live environment, your system might be vulnerable to malicious attacks. (When disabled, displays non-comprehensive error messages generated by the authentication server on the user's logon page.)
Max Logon Attempts Allowed
Specifies the number of user authentication logon attempts to allow. A complete logon and password challenge and response is considered as one attempt.
For a per-request policy subroutine, equivalent functionality is supported through subroutine settings.