WUI - How to use LDAP for WUI Authentication
By default, the LoadMaster accepts basic authentication to log on to the Web User Interface (WUI) for the default user bal. If you want other users to log in to the LoadMaster using their LDAP credentials, this guide will assist you. It shows how to use a pre-existing LDAP endpoint for LDAP WUI authentication. If you need assistance configuring an LDAP endpoint, refer to this article:
First, enable session management on the LoadMaster. This allows other means of WUI authorization.
Navigate to Certificates & Security > Admin WUI Access and tick the Enable Session Management check box.
Then, navigate to Certificates & Security > Remote Access > WUI Authorization Options.
There is an option for LDAP with an LDAP Endpoint drop-down list. Select your relevant LDAP Endpoint. Once selected, you can then enable the LDAP Authentication check box. You can test by entering test login details in the Test AAA for User section. Enter the test Username in the format username@domain and their Password.
By default, the LoadMaster only authenticates users against the LDAP server; it does not authorize them to make changes on the LoadMaster. To authorize them, first ensure the Local Users row has the Authorization check box checked and the LDAP row has the Authentication check box checked. This means the LoadMaster authenticates users against the LDAP server but uses local authorization.
Now, navigate to System Configuration > System Administration > User Management. Here you will need to add a new user in the format username@domain and select No Local Password.
This ensures the LoadMaster authenticates against the LDAP server. Once done, modify the user to set permissions. Each permission allows this user to manage certain aspects of the LoadMaster, or all aspects if you set it to All Permissions.