Manual Chapter : About LDAP Query

Applies To:

BIG-IP APM

  • 15.0.1, 15.0.0

About LDAP Query

An LDAP Query action performs a query against an AAA LDAP server. An LDAP Query action provides these configuration elements and options:
Type
Specifies Query, the type of this LDAP action.
Server
Specifies an LDAP server; servers are defined in the Access > Authentication area of the Configuration utility.
SearchDN
Specifies the base node of the LDAP server search tree to start the search with.
SearchFilter
Specifies the search criteria to use when querying the LDAP server for the user's information. Session variables are supported as part of the search query string. When strings are used, they must be enclosed in parentheses; for example, (sAmAccountName=%{session.logon.last.username}).
Show Extended Error
When enabled, causes comprehensive error messages generated by the authentication server to display on the user's logon page. This setting is intended only for use in testing, in a production or debugging environment. If enabled in a live environment, your system might be vulnerable to malicious attacks. (When disabled, displays non-comprehensive error messages generated by the authentication server on the user's logon page.)
Fetch groups to which the user or group belong
Specifies how to fetch groups; associates the groups to the user or the group.
  • None
    - Do not fetch groups.
  • Direct
    - Fetch only those groups to which the user or group belongs directly.
  • All
    - Fetch groups to which the user or group belongs directly; then fetch all groups that are nested under those groups. For example, if the user belongs to Group 1 and Group 2, and Group 1 is a member of Group 3 and Group 4, selecting All associates all four groups to the user. Alternatively, if the group is Group 1, selecting All associates Group 3 and Group 4 to Group 1.
Fetch users that belong to the group
Specifies how to fetch users that are members of the group; associates the users to the group.
  • None
    - Do not fetch users.
  • Direct
    - Fetch only those users that belong to the group directly.
  • All
    - Fetch users that belong to the group directly and, if other groups are nested under the group, fetch users that belong to those groups also. For example, if the group (for example, Group 1) is a member of Group 3 and Group 4, selecting All associates the members (users) of all three groups to the group.
Required Attributes (optional)
By default, the server loads all user attributes if no required attributes are specified. However, system performance can improve if fewer attributes are returned.
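
The Direct and All settings of "Fetch groups to which the user or group belong" differ in whether nested memberships are followed, which matters when an access policy branches on group membership. The following Python code is an added example, not F5 code or APM's implementation; the directory data, the function name fetch_groups, and the membership cycle (Group 4 nested back into Group 1) are constructed assumptions built on the Group 1 to Group 4 example above.

```python
from collections import deque

# Constructed sample directory: entry -> groups it is a direct member of.
# Mirrors the example in the option description (user in Group 1 and Group 2,
# Group 1 in Group 3 and Group 4).
MEMBER_OF = {
    "user": ["Group 1", "Group 2"],
    "Group 1": ["Group 3", "Group 4"],
    # Constructed edge case, not from the manual: a nesting cycle.
    "Group 4": ["Group 1"],
}


def fetch_groups(entry, mode, member_of=MEMBER_OF):
    """Return the groups associated with `entry` for mode None, Direct or All.

    Assumption of this example: an entry is never reported as a member
    of itself, even when the directory contains a nesting cycle.
    """
    if mode == "None":
        return []
    direct = list(member_of.get(entry, []))
    if mode == "Direct":
        return direct
    if mode != "All":
        raise ValueError("mode must be None, Direct or All")

    # Breadth-first walk over memberships; `found` doubles as the visited
    # set so a cycle cannot make the walk loop forever.
    found = []
    queue = deque(direct)
    while queue:
        group = queue.popleft()
        if group == entry or group in found:
            continue
        found.append(group)
        queue.extend(member_of.get(group, []))
    return found


if __name__ == "__main__":
    for mode in ("None", "Direct", "All"):
        print(mode, "->", fetch_groups("user", mode))
    print("Group 1, All ->", fetch_groups("Group 1", "All"))
```

With All selected, the user is associated with Group 3 and Group 4 without being listed in either, so a nesting change in the directory can change the result of a group-based policy branch.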