Kenny_Barnt
Jul 03, 2017

AD Query Not Populating Nested Groups

We're looking at enabling some RBAC using iRules, so we want to populate the memberOf field via an AD Query in our Access Profile. Our issue is that whether or not we have "Fetch Nested Groups" enabled in the AD Query block in the VPE, we only get the groups that a user is explicitly a member of.

Is there something we might need to do on the AD side to get this to work, or some configuration value on the F5 side that I'm missing? Barring either of those, is there a good workaround?

We're running APM 12.1.2 HF1.

  • I guess I should RTFM a little better. Poking around, I found this note in the contextual help in the VPE for the AD Query block...

    Note: Because this option requires administrative privileges, ensure that the administrator name and password are specified on the AAA Active Directory server configuration page.

    ... that I hadn't seen anywhere else. Added some credentials to the AAA server configuration and it works.