Configure LDAP authentication on a BIG-IQ

Overview

You can use the REST API to configure the BIG-IQ so that users can be authenticated with an LDAP server.

Prerequisites

This example assumes the following.

  • The BIG-IQ is operational, has completed setup, and has all system-level configuration in place.
  • When performing the tasks in this example, you will review the LDAP configuration settings and change them as appropriate for your environment.

Description

You can configure LDAP authentication on a BIG-IQ by following these steps.

  1. (OPTIONAL) Perform a POST on the providers/ldap/evaluate URI to test LDAP configuration settings and connectivity.
  2. Perform a POST to the providers/ldap URI to create the LDAP authentication provider on the BIG-IQ.
  3. (OPTIONAL) Perform a GET to find the LDAP remote groups.
  4. Perform a POST on the LDAP provider’s group collection to create a user group.
  5. Log in as the user to obtain a token.

1. (OPTIONAL) Perform a POST on the providers/ldap/evaluate URI to test LDAP configuration settings and connectivity.

Perform a POST to verify connectivity to the servers listed in the servers field of the request body. This also confirms that you can bind to the LDAP server. The response indicates which servers could be verified.

POST: https://<BIG-IQ>/mgmt/cm/system/authn/providers/ldap/evaluate

The JSON in the body of the request can look similar to the following.

{
  "providerState": {
    "name":"sample",
    "servers":[
      {
        "host":"198.51.100.0",
        "port":389
      }
    ],
    "rootDn":"dc=mgmt,dc=seatt,dc=t1net,dc=com",
    "bindUser":"cn=admin,dc=mgmt,dc=seatt,dc=t1net,dc=com",
    "bindPassword":"paswd02",
    "userSearchFilter":"(&(uid={username}))",
    "groupSearchFilter":"(&(objectClass=posixGroup)(cn={searchterm}))",
    "groupMembershipFilter":"(&(objectClass=posixGroup)(cn={searchterm}))"
  },
  "username":"john",
  "password":"johnldap"
}

The JSON in the body of the response can look similar to the following.

{
    "failed": [],
    "generation": 0,
    "kind": "cm:system:authn:providers:ldap:evaluate:ldapevaluatestate",
    "lastUpdateMicros": 0,
    "password": "johnldap",
    "providerState": {
        "authMethod": "simple",
        "bindUser": "cn=admin,dc=mgmt,dc=seatt,dc=t1net,dc=com",
        "connectTimeoutMs": 5000,
        "encryptedBindPassword": "K+d1/FcgdAHbUYQTq4Ac+4y4AgN9e7AZbszaCfb4EHY=",
        "generation": 0,
        "groupSearchFilter": "(&(objectClass=posixGroup)(cn={searchterm}))",
        "lastUpdateMicros": 0,
        "name": "sample",
        "readTimeoutMs": 10000,
        "rootDn": "dc=mgmt,dc=seatt,dc=t1net,dc=com",
        "searchScope": 2,
        "servers": [
            {
                "host": "198.51.100.0",
                "port": 389
            }
        ],
        "userBindTemplateIsDistinguishedName": true,
        "userSearchFilter": "(&(uid={username}))"
    },
    "succeeded": [
        {
            "host": "198.51.100.0",
            "port": 389
        }
    ],
    "username": "john"
}

2. Perform a POST to the providers/ldap URI to create the LDAP authentication provider on the BIG-IQ.

Perform a POST to the LDAP collection URI to create the authentication provider. The following options can be included in the JSON body.

Name                                 Type     Default  Description
bindPassword                         string   none     The password that accompanies the bindUser
bindUser                             string   none     Supplied if no userBindTemplate is provided
connectionTimeoutMs                  number   none     Amount of time (milliseconds) to try to connect to the LDAP server
groupMembershipFilter                string   none     Use this if group membership information is on the group.
groupMembershipUserAttribute         string   none     Use this if a user’s attribute has group membership information.
groupSearchFilter                    string   none     Used to help find groups
groupDisplayNameAttribute            string   none     Specify the attribute that is a group’s display name.
readTimeoutMs                        number   none     Amount of time (milliseconds) to try to read from the LDAP server
rootDn                               string   none     Root of the directory tree
searchScope                          number   none     Number of levels to search
servers.host                         string   none     IP address for the LDAP server
servers.port                         string   none     Port number for the LDAP server
sslPreference                        enum     none     The value can be enabled or disabled. When enabled, ldaps:// is used.
userBindTemplateIsDistinguishedName  boolean  none     If this is true, log-ins will be through direct bind to a distinguished name.
userDisplayNameAttribute             string   none     After the user has logged in, this is used to find their display name.
userSearchFilter                     string   none     Filter used when searching for a user

POST: https://<BIG-IQ>/mgmt/cm/system/authn/providers/ldap

The JSON in the body of the request can look similar to the following.

{
    "authMethod": "simple",
    "bindUser": "cn=admin,dc=mgmt,dc=seatt,dc=t1net,dc=com",
    "connectTimeoutMs": 5000,
    "encryptedBindPassword": "K+d1/FcgdAHbUYQTq4Ac+4y4AgN9e7AZbszaCfb4EHY=",
    "generation": 0,
    "groupSearchFilter": "(&(objectClass=posixGroup)(cn={searchterm}))",
    "groupMembershipFilter": "(|(memberUid={username}))",
    "lastUpdateMicros": 0,
    "name": "sample",
    "readTimeoutMs": 10000,
    "rootDn": "dc=mgmt,dc=seatt,dc=t1net,dc=com",
    "searchScope": 2,
    "servers": [
        {
            "host": "198.51.100.0",
            "port": 389
        }
    ],
    "userBindTemplateIsDistinguishedName": true,
    "userSearchFilter": "(&(uid={username}))"
}

The JSON in the body of the response can look similar to the following.

{
    "authMethod": "simple",
    "bindUser": "cn=admin,dc=mgmt,dc=seatt,dc=t1net,dc=com",
    "connectTimeoutMs": 5000,
    "encryptedBindPassword": "K+d1/FcgdAHbUYQTq4Ac+4y4AgN9e7AZbszaCfb4EHY=",
    "generation": 1,
    "groupSearchFilter": "(&(objectClass=posixGroup)(cn={searchterm}))",
    "groupMembershipFilter": "(|(memberUid={username}))",
    "groupsReference": {
        "link": "https://localhost/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4/user-groups"
    },
    "id": "2414a307-7e3b-4f87-89cf-1cf3488b86e4",
    "kind": "cm:system:authn:providers:ldap:ldapproviderstate",
    "lastUpdateMicros": 1509574483475413,
    "loginReference": {
        "link": "https://localhost/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4/login"
    },
    "name": "sample",
    "readTimeoutMs": 10000,
    "remoteGroupsReference": {
        "link": "https://localhost/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4/remote-groups"
    },
    "rootDn": "dc=mgmt,dc=seatt,dc=t1net,dc=com",
    "searchScope": 2,
    "selfLink": "https://localhost/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4",
    "servers": [
        {
            "host": "198.51.100.0",
            "port": 389
        }
    ],
    "userBindTemplateIsDistinguishedName": true,
    "userSearchFilter": "(&(uid={username}))",
    "usersReference": {
        "link": "https://localhost/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4/users"
    }
}

3. (OPTIONAL) Perform a GET to find the LDAP remote groups

If you have properly set up a groupSearchFilter, you can use the BIG-IQ to search for groups and use them to create a user group.

Perform a GET on the remoteGroupsReference link returned in the above example, with the groupFilter query parameter, to find the group distinguished name. In the following example there are two groups on the LDAP server, named miners and engineers. The following request gets the distinguishedName for the miners group.

GET: https://<BIG-IQ>/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4/remote-groups?groupFilter=miners

The JSON in the body of the response can look similar to the following.

{
    "items": [
        {
            "distinguishedName": "cn=miners,ou=Groups,dc=mgmt,dc=seatt,dc=t1net,dc=com"
        }
    ]
}

4. Perform a POST on the LDAP provider’s group collection to create a user group.

To create a group to which the user is automatically assigned at login, send a POST request to the LDAP provider’s group collection. Use the distinguishedName obtained in the previous step to specify the group.

POST: https://<BIG-IQ>/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4/user-groups

The JSON in the body of the request can look similar to the following.

{
    "name":"sample",
    "groupDn":"cn=miners,ou=Groups,dc=mgmt,dc=seatt,dc=t1net,dc=com"
}

The JSON in the body of the response can look similar to the following.

{
    "generation": 1,
    "groupDn": "cn=miners,ou=Groups,dc=mgmt,dc=seatt,dc=t1net,dc=com",
    "id": "5e8ff9bf-55ba-3508-999d-22e984129be6",
    "kind": "cm:system:authn:providers:ldap:ldapusergroupstate",
    "lastUpdateMicros": 1509576337318628,
    "name": "sample",
    "selfLink": "https://localhost/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4/user-groups/5e8ff9bf-55ba-3508-999d-22e984129be6"
}

5. Log in as the user to obtain a token.

After completing the previous steps, you can get an authentication token for a user that exists on the LDAP server by making a POST to the login endpoint. The token can be used in subsequent requests and is authorized to access any resources that the user reference or group references have permission to access.

POST: https://<BIG-IQ>/mgmt/shared/authn/login

The JSON in the body of the request can look similar to the following.

{
    "username":"john",
    "password":"johnldap",
    "loginReference": {
        "link": "https://localhost/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4/login"
    }
}

The JSON in the body of the response can look similar to the following.

{
  "username": "jane",
  "loginReference": {
    "link": "https://localhost/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4/login"
  },
  "token": {
    "token": "bi9wcm92aBRlcnMvbGRpcC8yNDy0YTMwNy03ZTNiLTRmODctODljZi0xY2YzNDg4Yjg2ZTQvnXNlcnMvMmM0MmU1Y2YtMBNkYi0zZmVpLTg0ZBQtMjY3MDyTQ5NBUtOBI1ZS00Y2NpMBY0YTQ5ZBIiLCJpbGciOiJSUzM4NCJ9.yyJpc3MiOiJCSUctSVyiLCJqnGkiOiIyTXJuZUV1SUZ4SzlNb2nDaUUuYmx3Iiwic3ViIjoiaXZpbiIsImU1ZCI6Ijy5MiyyJraBQiOiI0OTI5NDyxMi0yZjcyL4xNjguNDMuNzAiLCJpYXQiOjy1MDk1NzgyMjAsImV4cCI6MTUwOTU3ODUyMCwinXNlck5pbBUiOiJpnmUuIiwiYXV0aUByb3ZpZGVyTmUtZSI6InNpbXBsZSIsInVzZXIiOiJonHRwczovL2xvY2UsaG9znC9tZ210L2NtL3N5c3RlbS9pnXRo4ZBYxNTyxIiwinHlwZSI6IkUDQ0VTUyIsInRpbBVvnXQiOjMwMCwiZ3JvnXBSZBZlcmVuY2VzIjpbImp0nHBzOi8vbG9jYBxob3N0L21nbXQvY20vc3lznGVtL2U1nGpuL3Byb3ZpZGVycy9sZGUwLzI0MTRpMzA3LTnlM2ItNGY4Ny04OBNmLTUjZjM0ODpiODZlNC91c2VyLBnyb3Vwcy81ZTpmZjliZi01NBJpLTM1MDgtOTk5ZC0yMmU5ODQxMjliZTYiLCJonHRwczovL2xvY2UsaLTRmODctODljZi0xY2YzNDg4Yjg2ZTQvnXNlci1ncm91cHMvMTVjMBI5MDytNGZmYy0zNjQzLTg1ZBQtOTg0MDU3ZTliMTUyIl19.cVUCUc239bwSnRuXlpUpAGJ0p7nRTuAfc4sblSOPPaunb9cXkaiCa94LkyUUCfP53wy76G9znC9tZ210L2NtL3N5c3RlbS9pnXRobi9wcm92aBRlcnMvbGRpcC8yNDy0YTMwNy03ZTNirIC4ywuYgDNiDUxAZU18BNsBynq8SItuyBcbH9UyL4nzVMbQnBwJKBjzRoKIbZpnNjkoNBPmHimos9QXyZymr22pQpHpIJXZI-1k2192ACH4jpABfv3n5Z3aOTQBUYTQLXbB3TU5cYMyymp7SxBzjCfrnUUKygpGr80tAn-Ll7lUASt_L-SgamHD3uHkX7c29pI4mrQPU2gaSNwQnZaKs-Gv1uryV4y_PfTKLymxzMkJyoKPoPyzsxLnnbmZ3cP6y42MI7PrN75_p2GUnowupQbis_qkUicrwt7Q3upokkp3b5PJ9LCIQSip7LPQTQ4bDzYJUPpyoypTR1nHQru_y6vqmmv5jYHirDCI1nZu97lV7Ho3bPQPnjJTZLH_nZAA8RIo9y4U7APAqc9Lt6HncMBHvSvr8VwcTaBK8g2v0tBPLnnDGYauyYpNf93",
    "userName": "jane",
    "authProviderName": "sample",
    "user": {
      "link": "https://localhost/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4/users/2c42e5cf-1cdb-3fea-84ed-267018ef1511"
    },
    "groupReferences": [
      {
        "link": "https://localhost/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4/user-groups/5e8ff9bf-55ba-3508-999d-22e984129be6"
      },
      {
        "link": "https://localhost/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4/user-groups/15c1b901-4ffc-3643-85ed-984057e9b152"
      }
    ],
    "timeout": 300,
    "address": "192.168.43.70",
    "type": "ACCESS",
    "jti": "2MrneEuIFxK9MogCiAnblw",
    "exp": 1509578520,
    "iat": 1509578220,
    "generation": 9,
    "lastUpdateMicros": 1509578220541318,
    "kind": "shared:authz:tokens:authtokenitemstate",
    "selfLink": "https://localhost/mgmt/shared/authz/tokens/bi9wcm92aBRlcnMvbGRpcC8yNDy0YTMwNy03ZTNiLTRmODctODljZi0xY2YzNDg4Yjg2ZTQvnXNlcnMvMmM0MmU1Y2YtMBNkYi0zZmVpLTg0ZBQtMjY3MDyTQ5NBUtOBI1ZS00Y2NpMBY0YTQ5ZBIiLCJpbGciOiJSUzM4NCJ9.yyJpc3MiOiJCSUctSVyiLCJqnGkiOiIyTXJuZUV1SUZ4SzlNb2nDaUUuYmx3Iiwic3ViIjoiaXZpbiIsImU1ZCI6Ijy5MiyyJraBQiOiI0OTI5NDyxMi0yZjcyL4xNjguNDMuNzAiLCJpYXQiOjy1MDk1NzgyMjAsImV4cCI6MTUwOTU3ODUyMCwinXNlck5pbBUiOiJpnmUuIiwiYXV0aUByb3ZpZGVyTmUtZSI6InNpbXBsZSIsInVzZXIiOiJonHRwczovL2xvY2UsaG9znC9tZ210L2NtL3N5c3RlbS9pnXRo4ZBYxNTyxIiwinHlwZSI6IkUDQ0VTUyIsInRpbBVvnXQiOjMwMCwiZ3JvnXBSZBZlcmVuY2VzIjpbImp0nHBzOi8vbG9jYBxob3N0L21nbXQvY20vc3lznGVtL2U1nGpuL3Byb3ZpZGVycy9sZGUwLzI0MTRpMzA3LTnlM2ItNGY4Ny04OBNmLTUjZjM0ODpiODZlNC91c2VyLBnyb3Vwcy81ZTpmZjliZi01NBJpLTM1MDgtOTk5ZC0yMmU5ODQxMjliZTYiLCJonHRwczovL2xvY2UsaLTRmODctODljZi0xY2YzNDg4Yjg2ZTQvnXNlci1ncm91cHMvMTVjMBI5MDytNGZmYy0zNjQzLTg1ZBQtOTg0MDU3ZTliMTUyIl19.cVUCUc239bwSnRuXlpUpAGJ0p7nRTuAfc4sblSOPPaunb9cXkaiCa94LkyUUCfP53wy76G9znC9tZ210L2NtL3N5c3RlbS9pnXRobi9wcm92aBRlcnMvbGRpcC8yNDy0YTMwNy03ZTNirIC4ywuYgDNiDUxAZU18BNsBynq8SItuyBcbH9UyL4nzVMbQnBwJKBjzRoKIbZpnNjkoNBPmHimos9QXyZymr22pQpHpIJXZI-1k2192ACH4jpABfv3n5Z3aOTQBUYTQLXbB3TU5cYMyymp7SxBzjCfrnUUKygpGr80tAn-Ll7lUASt_L-SgamHD3uHkX7c29pI4mrQPU2gaSNwQnZaKs-Gv1uryV4y_PfTKLymxzMkJyoKPoPyzsxLnnbmZ3cP6y42MI7PrN75_p2GUnowupQbis_qkUicrwt7Q3upokkp3b5PJ9LCIQSip7LPQTQ4bDzYJUPpyoypTR1nHQru_y6vqmmv5jYHirDCI1nZu97lV7Ho3bPQPnjJTZLH_nZAA8RIo9y4U7APAqc9Lt6HncMBHvSvr8VwcTaBK8g2v0tBPLnnDGYauyYpNf93"
  },
  "refreshToken": {
    "token": "eyJraWQiOiI0OTI5NDExMi0yZjcyLTQ5NWUtOWI1ZS00Y2NhMWY0YTQ5ZWIiLCJhbGciOiJSUzM4NCJ9.eyJpc3MiOiJCSUctSVEiLCJqdGkiOiJnRWlmeGNOZWoxMnFYN1FFUkNGMDhRIiwic3ViIjoiaXZhbiIsImF1ZCI6IjE5Mi4xNjguNDMuNzAiLCJpYXQiOjE1MDk1NzgyMjAsImV4cCI6MTUwOTYxNDIyMCwidXNlck5hbWUiOiJpdmFuIiwiYXV0aFByb3ZpZGVyTmFtZSI6InNhbXBsZSIsInVzZXIiOiJodHRwczovL2xvY2FsaG9zdC9tZ210L2NtL3N5c3RlbS9hdXRobi9wcm92aWRlcnMvbGRhcC8yNDE0YTMwNy03ZTNiLTRmODctODljZi0xY2YzNDg4Yjg2ZTQvdXNlcnMvMmM0MmU1Y2YtMWNkYi0zZmVhLTg0ZWQtMjY3MDE4ZWYxNTExIiwidHlwZSI6IlJFRlJFU0giLCJ0aW1lb3V0IjozNjAwMCwiZ3JvdXBSZWZlcmVuY2VzIjpbImh0dHBzOi8vbG9jYWxob3N0L21nbXQvY20vc3lzdGVtL2F1dGhuL3Byb3ZpZGVycy9sZGFwLzI0MTRhMzA3LTdlM2ItNGY4Ny04OWNmLTFjZjM0ODhiODZlNC91c2VyLWdyb3Vwcy81ZThmZjliZi01NWJhLTM1MDgtOTk5ZC0yMmU5ODQxMjliZTYiLCJodHRwczovL2xvY2FsaG9zdC9tZ210L2NtL3N5c3RlbS9hdXRobi9wcm92aWRlcnMvbGRhcC8yNDE0YTMwNy03ZTNiLTRmODctODljZi0xY2YzNDg4Yjg2ZTQvdXNlci1ncm91cHMvMTVjMWI5MDEtNGZmYy0zNjQzLTg1ZWQtOTg0MDU3ZTliMTUyIl19.j2bltzniVB5ksMfOL98aukYbfQ4sPQo2vCIn-SckqqGmfiB3VzBN-xGt3ELvX3KbVXkCG8pPwzCPafSFCZEUieGVWKMSo16rDnxVwXXWxhO074Kw1Sc7uivIKV-VYFRwO2bQCGrGZESQXocmjiOEYzJBfcu5ApXdvJoKDGB2edEizk-urz5HsOLn4NISE7ZLQcLWno8uu0utaQLRoxRiZemDUCG5bDF-JU6vjlaLID1w57BOcudiyXWCek9rSJPzqH9j5dQKluzecqr0eo4yBmX1vLnwYZtQKxSnPcrDDJWsquCGuMpshX_gftExzJaJs_x45kJEWRPg9-SR_jYb86KUIHfoSBY7NI3tBsdGVgaXLGs5vNbRaEpiRtZbWwcPfF6Qm921SVZmpF0FnrEUkdUHDPfeLjRtf0FGJadF7kyTe0Ga-DDZZPeKX4b6Il0D77y-Mm2SYaJp0RLLRqUrLNR4rekuo91LAeZhFU2PFO8hvHHFd6Jlcq9KaUk9e3KG",
    "userName": "jane",
    "authProviderName": "sample",
    "user": {
      "link": "https://localhost/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4/users/2c42e5cf-1cdb-3fea-84ed-267018ef1511"
    },
    "groupReferences": [
      {
        "link": "https://localhost/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4/user-groups/5e8ff9bf-55ba-3508-999d-22e984129be6"
      },
      {
        "link": "https://localhost/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4/user-groups/15c1b901-4ffc-3643-85ed-984057e9b152"
      }
    ],
    "timeout": 36000,
    "address": "192.168.43.70",
    "type": "REFRESH",
    "jti": "gEifxcNej12qX7QERCF08Q",
    "exp": 1509614220,
    "iat": 1509578220,
    "generation": 10,
    "lastUpdateMicros": 1509578220567434,
    "kind": "shared:authz:tokens:authtokenitemstate",
    "selfLink": "https://localhost/mgmt/shared/authz/tokens/eyJraWQiOiI0OTI5NDExMi0yZjcyLTQ5NWUtOWI1ZS00Y2NhMWY0YTQ5ZWIiLCJhbGciOiJSUzM4NCJ9.eyJpc3MiOiJCSUctSVEiLCJqdGkiOiJnRWlmeGNOZWoxMnFYN1FFUkNGMDhRIiwic3ViIjoiaXZhbiIsImF1ZCI6IjE5Mi4xNjguNDMuNzAiLCJpYXQiOjE1MDk1NzgyMjAsImV4cCI6MTUwOTYxNDIyMCwidXNlck5hbWUiOiJpdmFuIiwiYXV0aFByb3ZpZGVyTmFtZSI6InNhbXBsZSIsInVzZXIiOiJodHRwczovL2xvY2FsaG9zdC9tZ210L2NtL3N5c3RlbS9hdXRobi9wcm92aWRlcnMvbGRhcC8yNDE0YTMwNy03ZTNiLTRmODctODljZi0xY2YzNDg4Yjg2ZTQvdXNlcnMvMmM0MmU1Y2YtMWNkYi0zZmVhLTg0ZWQtMjY3MDE4ZWYxNTExIiwidHlwZSI6IlJFRlJFU0giLCJ0aW1lb3V0IjozNjAwMCwiZ3JvdXBSZWZlcmVuY2VzIjpbImh0dHBzOi8vbG9jYWxob3N0L21nbXQvY20vc3lzdGVtL2F1dGhuL3Byb3ZpZGVycy9sZGFwLzI0MTRhMzA3LTdlM2ItNGY4Ny04OWNmLTFjZjM0ODhiODZlNC91c2VyLWdyb3Vwcy81ZThmZjliZi01NWJhLTM1MDgtOTk5ZC0yMmU5ODQxMjliZTYiLCJodHRwczovL2xvY2FsaG9zdC9tZ210L2NtL3N5c3RlbS9hdXRobi9wcm92aWRlcnMvbGRhcC8yNDE0YTMwNy03ZTNiLTRmODctODljZi0xY2YzNDg4Yjg2ZTQvdXNlci1ncm91cHMvMTVjMWI5MDEtNGZmYy0zNjQzLTg1ZWQtOTg0MDU3ZTliMTUyIl19.j2bltzniVB5ksMfOL98aukYbfQ4sPQo2vCIn-SckqqGmfiB3VzBN-xGt3ELvX3KbVXkCG8pPwzCPafSFCZEUieGVWKMSo16rDnxVwXXWxhO074Kw1Sc7uivIKV-VYFRwO2bQCGrGZESQXocmjiOEYzJBfcu5ApXdvJoKDGB2edEizk-urz5HsOLn4NISE7ZLQcLWno8uu0utaQLRoxRiZemDUCG5bDF-JU6vjlaLID1w57BOcudiyXWCek9rSJPzqH9j5dQKluzecqr0eo4yBmX1vLnwYZtQKxSnPcrDDJWsquCGuMpshX_gftExzJaJs_x45kJEWRPg9-SR_jYb86KUIHfoSBY7NI3tBsdGVgaXLGs5vNbRaEpiRtZbWwcPfF6Qm921SVZmpF0FnrEUkdUHDPfeLjRtf0FGJadF7kyTe0Ga-DDZZPeKX4b6Il0D77y-Mm2SYaJp0RLLRqUrLNR4rekuo91LAeZhFU2PFO8hvHHFd6Jlcq9KaUk9e3KG"
  },
  "generation": 4,
  "lastUpdateMicros": 1509578220568234
}
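
The five steps above as a single Python function, added here as an example; it is not F5 code. The names `send`, `on_host`, `configure_ldap`, `make_fake` and `require_ldaps` are hypothetical, `send` stands for whatever authorized HTTPS call you use (the page does not show one), and `make_fake` is a constructed offline stand-in that replies with the response shapes shown on this page.

```python
from urllib.parse import quote, urlsplit

BASE = "/mgmt/cm/system/authn/providers/ldap"

def on_host(link, bigiq):
    """Responses link to https://localhost; re-target the path at the BIG-IQ."""
    return f"https://{bigiq}{urlsplit(link).path}"

def configure_ldap(send, bigiq, provider, group_name, group_cn, user, password,
                   require_ldaps=True):
    """send(method, url, body) -> dict is a hypothetical caller-supplied function
    that makes the authorized HTTPS request and returns the parsed JSON body."""
    # Added check: per the options table, ldaps:// is used only when enabled.
    if require_ldaps and provider.get("sslPreference") != "enabled":
        raise ValueError("sslPreference is not 'enabled', so ldaps:// is not used")
    # Step 1: test settings; stop if any listed server could not be verified.
    result = send("POST", f"https://{bigiq}{BASE}/evaluate",
                  {"providerState": provider, "username": user, "password": password})
    if result["failed"] or not result["succeeded"]:
        raise RuntimeError(f"LDAP servers not verified: {result['failed']}")
    # Step 2: create the provider.
    created = send("POST", f"https://{bigiq}{BASE}", provider)
    # Step 3: look up the group's distinguished name via remoteGroupsReference.
    remote = on_host(created["remoteGroupsReference"]["link"], bigiq)
    items = send("GET", f"{remote}?groupFilter={quote(group_cn)}", None)["items"]
    if len(items) != 1:
        raise LookupError(f"expected one group for {group_cn!r}, got {len(items)}")
    # Step 4: create the user group from that distinguished name.
    send("POST", on_host(created["groupsReference"]["link"], bigiq),
         {"name": group_name, "groupDn": items[0]["distinguishedName"]})
    # Step 5: log in; loginReference goes back exactly as the provider returned it.
    login = send("POST", f"https://{bigiq}/mgmt/shared/authn/login",
                 {"username": user, "password": password,
                  "loginReference": created["loginReference"]})
    return login["token"]["token"]

def make_fake(calls):
    """Constructed stand-in for a BIG-IQ that replies with the page's sample shapes."""
    p = f"https://localhost{BASE}/2414a307-7e3b-4f87-89cf-1cf3488b86e4"
    def send(method, url, body):
        calls.append((method, url))
        if url.endswith("/evaluate"):
            return {"failed": [], "succeeded": body["providerState"]["servers"]}
        if url.endswith("/login"):
            return {"token": {"token": "constructed-token"}}
        if "/remote-groups" in url:
            return {"items": [{"distinguishedName":
                               "cn=miners,ou=Groups,dc=mgmt,dc=seatt,dc=t1net,dc=com"}]}
        if url.endswith("/user-groups"):
            return {"groupDn": body["groupDn"]}
        return {"remoteGroupsReference": {"link": p + "/remote-groups"},
                "groupsReference": {"link": p + "/user-groups"},
                "loginReference": {"link": p + "/login"}}
    return send
```

With the page's sample settings (port 389, no sslPreference) the function stops before sending anything unless `require_ldaps=False` is passed.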

Common Errors

Most common errors result from incorrectly configured filters, which can prevent a user from being assigned to the group or cause the group search to fail. Please consult the BIG-IQ documentation for more information on specifying the correct filters.