Big-IQ LDAP User Bind Template
We can't get the Big-IQ to authenticate like our Big-IPs and need help.
Our Big-IPs use the user bind template of %s@exx.wxx.bxx.corp and we log in using our user id, not our full name.
On the Big-IQ, if I use my full name in the Bind User DN like, CN=John Doe,OU=xxx,DC=xxx,DC=xxx,DC=xxx,DC=corp and my password, LDAP authentication works. If I try to use my user ID like, CN=jdoe,OU=xxx,DC=xxx,DC=xxx,DC=xxx,DC=corp, it doesn't work.
If I try to use the User Bind Template in Big-IQ instead, like CN={username},OU=xxx,DC=xxx,DC=xxx,DC=xxx,DC=corp, it fails. I assume that because I log in with my user ID, not my name, that is what is being passed as my user DN. The search filter is set to (&(sAMAccountName={username})).
I don't understand why a template works on the Big-IP, but not Big-IQ. How does the user ID get translated to the full name so bind authentication works on the Big-IP? Is there a template syntax that will make that substitution?