Manual Chapter: Creating an LDAP Authentication Configuration
Applies To:
BIG-IP APM
- 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0
If you are using an LDAP authentication server to verify ephemeral credentials for privileged user access, create an LDAP Authentication Configuration in APM.
- On the Main tab, click.
- Click Create.
- For Name, type a name for the LDAP Authentication Configuration.
- For Proxy User DN, specify the name (in distinguished name, or DN, format) that represents a user on the backend LDAP server. When the LDAP virtual server receives an LDAP authorization request, the username is in DN format (for example: CN=proxyuser, OU=marketing, DC=mydomain, DC=com).
- For Proxy User Password, type the password for the specified Proxy User on the backend LDAP server.
- For Bypass User List, add the user DNs that can skip ephemeral authentication and are authenticated on the LDAP server instead. The User DN specified in the backend device configuration (often the admin account) should always be included on the bypass list. DN name matching is based on a case-sensitive string comparison. If the names match exactly, LDAP authentication occurs on the backend LDAP server.
- For Deny User List, add the user DNs that will be denied access, and for whom LDAP requests will fail.
- Click Save.
The LDAP Authentication Configuration is created.
You will need to link the LDAP Authentication Configuration and an Ephemeral Authentication Configuration (the same one associated with the Ephemeral Authentication virtual server) to an LDAP or LDAPS virtual server.
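
Because Bypass User List matching is an exact, case-sensitive string comparison, a DN that differs from the list entry only in letter case (or, under an exact string match, in spacing) will not be treated as a bypass entry. The following Python check is an added example, not F5 code: it compares list entries with the bind DNs your backend devices are configured to send and flags near-misses. The sample DNs, the function names, and the simplified normalization (no RFC 4514 escape handling) are assumptions for illustration.

```python
"""Added example: lint Bypass/Deny User List entries against expected bind DNs."""


def loose_key(dn: str) -> str:
    # Simplified normalization used ONLY to spot near-misses: lower-case each
    # RDN and drop spaces around ',' and '='. Assumption: no escaped commas
    # in values; this is not a full RFC 4514 DN parser.
    parts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        parts.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(parts)


def lint_user_list(list_entries, expected_dns):
    """Map each expected DN to ("exact" | "near-miss" | "absent", list entry)."""
    exact = set(list_entries)
    loose = {}
    for entry in list_entries:
        loose.setdefault(loose_key(entry), entry)
    report = {}
    for dn in expected_dns:
        if dn in exact:
            report[dn] = ("exact", dn)  # matches under exact comparison
        elif loose_key(dn) in loose:
            # Same DN to a human, different string: will NOT match exactly.
            report[dn] = ("near-miss", loose[loose_key(dn)])
        else:
            report[dn] = ("absent", None)
    return report


# Constructed sample data (hypothetical DNs, not taken from a real system).
BYPASS_LIST = [
    "CN=admin,OU=network,DC=mydomain,DC=com",
    "CN=svc-backup, OU=ops, DC=mydomain, DC=com",
]
DEVICE_BIND_DNS = [
    "CN=admin,OU=network,DC=mydomain,DC=com",   # identical string
    "cn=svc-backup,ou=ops,dc=mydomain,dc=com",  # differs in case and spacing
    "CN=monitor,OU=ops,DC=mydomain,DC=com",     # not on the list at all
]

if __name__ == "__main__":
    for dn, (status, entry) in lint_user_list(BYPASS_LIST, DEVICE_BIND_DNS).items():
        print(f"{status:9} {dn!r} list entry: {entry!r}")
```

Correct any "near-miss" result by copying the DN string from the backend device configuration into the list unchanged.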