Manual Chapter : About LDAP Group Lookup

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 15.0.0
Manual Chapter

About LDAP Group Lookup

An LDAP Group Lookup item compares a specified string against the
session.ldap.last.attr.memberOf
session variable. The specified string is configurable in a branch rule. The default simple branch rule expression is
User is a member of CN=MY_GROUP, CN=USERS, CN=MY_DOMAIN
; the values
MY_GROUP
,
USERS
,
MY_DOMAIN
, must be replaced with values used in the LDAP group configuration at the user site.
An LDAP Query action is required in the access policy to populate the session variable.