Manual Chapter : Creating an LDAP Authentication Configuration

Applies To:

BIG-IP APM

  • 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0
Creating an LDAP Authentication Configuration

If using an LDAP authentication server to verify ephemeral credentials for privileged user access, create an LDAP Authentication Configuration in APM.
  1. On the Main tab, click Access > Ephemeral Authentication > LDAP Authentication Configuration.
  2. Click Create.
  3. For Name, type a name for the LDAP Authentication Configuration.
  4. For Proxy User DN, specify the name (in distinguished name, or DN, format) that represents a user on the backend LDAP server.
    When the LDAP virtual server receives an LDAP authorization request, the username is in DN format (for example: CN=proxyuser, OU=marketing, DC=mydomain, DC=com).
  5. For Proxy User Password, type the password for the specified Proxy User on the backend LDAP server.
  6. For Bypass User List, add the DNs of users that can skip ephemeral authentication and are authenticated instead on the LDAP server.
    The User DN specified in the backend device configuration (often the admin account) should always be included on the bypass list.
    DN matching is based on a case-sensitive string comparison. If the names match exactly, LDAP authentication occurs on the backend LDAP server.
  7. For Deny User List, add the DNs of users that will be denied access, and for whom LDAP requests will fail.
  8. Click Save.
The LDAP Authentication Configuration is created.
You will need to link the LDAP Authentication Configuration and an Ephemeral Authentication Configuration (the same one associated with the Ephemeral Authentication virtual server) to an LDAP or LDAPS virtual server.
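
Because Bypass User List entries are matched with an exact, case-sensitive string comparison (step 6), an entry that differs from the DN a backend device sends only in letter case or spacing will not match. The following Python check is an added example, not F5 code: it flags such near-misses before the list is entered. The function names, the sample DNs and the normalization rule (case folding and trimming spaces around separators) are assumptions.

```python
import re

def normalize_dn(dn: str) -> str:
    """Canonical form for lint purposes only: split on unescaped commas,
    trim spaces around each RDN and its '=', and lowercase everything.
    (Assumes the directory treats these attributes case-insensitively.)"""
    parts = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        parts.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(parts)

def classify(sent_dn: str, entries: list[str]) -> str:
    """'exact'     -> identical string, so the list entry applies;
    'near-miss' -> same DN after normalization, but the strings differ,
                   so an exact, case-sensitive comparison will not match;
    'none'      -> not on the list at all."""
    if sent_dn in entries:
        return "exact"
    target = normalize_dn(sent_dn)
    if any(normalize_dn(e) == target for e in entries):
        return "near-miss"
    return "none"

def audit(sent_dns: list[str], entries: list[str]) -> list[tuple[str, str]]:
    """Return (sent_dn, configured_entry) pairs that are near-misses."""
    findings = []
    for dn in sent_dns:
        if classify(dn, entries) == "near-miss":
            target = normalize_dn(dn)
            findings.extend((dn, e) for e in entries if normalize_dn(e) == target)
    return findings

# Constructed sample data: entries as typed into Bypass User List, and the
# bind DNs that backend devices are configured to send.
BYPASS = ["CN=svc-admin,OU=devices,DC=mydomain,DC=com",
          "CN=Ops\\, Backup,OU=devices,DC=mydomain,DC=com"]
SENT = ["CN=svc-admin,OU=devices,DC=mydomain,DC=com",          # exact
        "cn=ops\\, backup, ou=devices, dc=mydomain, dc=com",   # case + spaces
        "CN=alice,OU=marketing,DC=mydomain,DC=com"]            # not listed

if __name__ == "__main__":
    for sent, entry in audit(SENT, BYPASS):
        print(f"near-miss: device sends {sent!r} but list has {entry!r}")
```

Running the same check against Deny User List entries assumes that list uses the same matching rule, which this chapter does not state.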