Manual Chapter:
Ephemeral authentication with both RADIUS and LDAP
Applies To:
BIG-IP APM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0
Detailed use cases describe how to configure LDAP/LDAPS and RADIUS separately with ephemeral
authentication. You can also use both LDAP/LDAPS and RADIUS in one ephemeral authentication
configuration and access policy. Several changes need to be made for the configuration to support
both.
- The same set of users must be configured with the same usernames on both the RADIUS and LDAP/LDAPS backend systems.
- In the Ephemeral Authentication Configuration, Authentication Method must specify both LDAP and RADIUS.
- The Ephemeral Access Configuration must specify User LDAP DN.
- The access policy should look like the one in the LDAP use case, including the LDAP query. Because the usernames are the same on both systems, RADIUS users will successfully pass through the LDAP Query in the policy.
- In the access policy macro, in the Advanced Resource Assign, be sure to assign all of the WebSSH, Portal Access, and Webtop Links resources needed for both RADIUS and LDAP/LDAPS.
- Create virtual servers for Ephemeral Authentication, for LDAP, LDAPS, or both, and for RADIUS.
Configured this way, the same set of users can access both RADIUS and LDAP
resources that are protected by ephemeral authentication methods.
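The first requirement above, identical usernames on both backends, can be checked before building the policy. The following is an added example, not part of the F5 documentation: it assumes an LDIF export whose username attribute is `uid` and a plain list of RADIUS usernames; the function names and sample data are constructed for illustration.

```python
import base64

# Constructed sample data (not from a real directory or RADIUS server).
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
uid: alice

dn: uid=Bob,ou=people,dc=example,dc=com
uid: Bob

dn: uid=carol,ou=people,dc=example,dc=com
uid:: Y2Fyb2w=
"""
SAMPLE_RADIUS_USERS = ["alice", "bob", "dave"]

def ldif_usernames(ldif_text, attr="uid"):
    """Return the set of values of `attr` found in an LDIF export."""
    lines = []
    for raw in ldif_text.splitlines():
        # LDIF folds long lines; a leading space continues the previous line.
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    names = set()
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep or name.lower() != attr.lower():
            continue
        if value.startswith(":"):  # "attr:: ..." marks a base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        names.add(value.strip())
    return names

def compare_backends(ldap_names, radius_names):
    """Report users missing from either backend and case-only differences."""
    ldap_fold = {n.casefold(): n for n in ldap_names}
    radius_fold = {n.casefold(): n for n in radius_names}
    shared = ldap_fold.keys() & radius_fold.keys()
    return {
        "ldap_only": sorted(ldap_fold[k] for k in ldap_fold.keys() - shared),
        "radius_only": sorted(radius_fold[k] for k in radius_fold.keys() - shared),
        # Case handling differs between backends, so flag these for review.
        "case_mismatch": sorted((ldap_fold[k], radius_fold[k])
                                for k in shared if ldap_fold[k] != radius_fold[k]),
    }

if __name__ == "__main__":
    print(compare_backends(ldif_usernames(SAMPLE_LDIF), SAMPLE_RADIUS_USERS))
```

Any entry under `radius_only` is a user who could authenticate with RADIUS but would have no matching entry for the LDAP Query in the access policy.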