Configure LDAP authentication on a BIG-IQ¶
Overview¶
You can use the REST API to configure the BIG-IQ so that users can be authenticated with an LDAP server.
Prerequisites¶
This example assumes the following.
- The BIG-IQ is operational, has completed the setup and has all system-level configuration in place.
- When performing the tasks in this example, you will review the LDAP configuration settings and change them as appropriate for your environment.
Description¶
You can configure LDAP authentication on a BIG-IQ by following these steps.
- (OPTIONAL) Perform a POST on the
providers/ldap/evaluate
URI to test LDAP configuration settings and connectivity. - Perform a POST to the
providers/ldap
URI to create the LDAP authentication provider on the BIG-IQ. - (OPTIONAL) Perform a GET to find the LDAP remote groups.
- Perform a POST on the LDAP provider’s group collection to create a user group.
- Login with the user to obtain a token.
1. (OPTIONAL) Perform a POST on the providers/ldap/evaluate
URI to test LDAP configuration settings and connectivity.¶
Perform a POST to verify your connectivity to the servers you have
listed in the servers
field of the POST request body. This will also
ensure that you can to bind to the LDAP server. The response will
indicate which servers could be verified.
POST: https://<BIG-IQ>/mgmt/cm/system/authn/providers/ldap/evaluate
The JSON in the body of the request can look similar to the following.
{
"providerState": {
"name":"sample",
"servers":[
{
"host":"198.51.100.0",
"port":389
}
],
"rootDn":"dc=mgmt,dc=seatt,dc=t1net,dc=com",
"bindUser":"cn=admin,dc=mgmt,dc=seatt,dc=t1net,dc=com",
"bindPassword":"paswd02",
"userSearchFilter":"(&(uid={username}))",
"groupSearchFilter":"(&(objectClass=posixGroup)(cn={searchterm}))",
"groupMembershilFilter":"(&(objectClass=posixGroup)(cn={searchterm}))"
},
"username":"john",
"password":"johnldap"
}
The JSON in the body of the response can look similar to the following.
{
"failed": [],
"generation": 0,
"kind": "cm:system:authn:providers:ldap:evaluate:ldapevaluatestate",
"lastUpdateMicros": 0,
"password": "johnldap",
"providerState": {
"authMethod": "simple",
"bindUser": "cn=admin,dc=mgmt,dc=seatt,dc=t1net,dc=com",
"connectTimeoutMs": 5000,
"encryptedBindPassword": "K+d1/FcgdAHbUYQTq4Ac+4y4AgN9e7AZbszaCfb4EHY=",
"generation": 0,
"groupSearchFilter": "(&(objectClass=posixGroup)(cn={searchterm}))",
"lastUpdateMicros": 0,
"name": "sample",
"readTimeoutMs": 10000,
"rootDn": "dc=mgmt,dc=seatt,dc=t1net,dc=com",
"searchScope": 2,
"servers": [
{
"host": "198.51.100.0",
"port": 389
}
],
"userBindTemplateIsDistinguishedName": true,
"userSearchFilter": "(&(uid={username}))"
},
"succeeded": [
{
"host": "198.51.100.0",
"port": 389
}
],
"username": "john"
}
2. Perform a POST to the providers/ldap
URI to create the LDAP authentication provider on the BIG-IQ.¶
Perform a POST to the LDAP collection URI to create the authentication provider. The following options can be included in the JSON body.
Name | Type | Default | Description |
---|---|---|---|
bindPassword |
string | none | The password that accompanies the bindUser |
bindUser |
string | none | Supplied if no userBindTemplate is provided |
connectionTimeoutMs |
number | none | Amount of time (milliseconds) to try to connect to the ldap server |
groupMembershipFilter |
string | none | Use this if group membership information is on the group. |
groupMembershipUserAttribute |
string | none | Use this if a user’s attribute has group membership information. |
groupSearchFilter |
string | none | Used to help find groups |
groupDisplayNameAttribute |
string | none | Specify the attribute that is a group’s display name. |
readTimeoutMs |
number | none | Amount of time (milliseconds) to try to read from the ldap server |
rootDn |
string | none | Root of the directory tree |
searchScope |
number | none | Number of levels to search |
servers.host |
string | none | IP address for the ldap server |
servers.port |
string | none | Port number for the ldap server |
sslPreference |
enum | none | The value can be enabled or disabled . When enabled , ldaps:// is used. |
userBindTemplateIsDistinguishedName |
boolean | none | If this is true, log-ins will be through direct bind to a distinguished name. |
userDisplayNameAttribute |
string | none | After the user has logged in, this is used to find their display name. |
userSearchFilter |
string | none | Filter used when searching for a user |
POST: https://<BIG-IQ>/mgmt/cm/system/authn/providers/ldap
The JSON in the body of the request can look similar to the following.
{
"authMethod": "simple",
"bindUser": "cn=admin,dc=mgmt,dc=seatt,dc=t1net,dc=com",
"connectTimeoutMs": 5000,
"encryptedBindPassword": "K+d1/FcgdAHbUYQTq4Ac+4y4AgN9e7AZbszaCfb4EHY=",
"generation": 0,
"groupSearchFilter": "(&(objectClass=posixGroup)(cn={searchterm}))",
"groupMembershipFilter": "(|(memberUid={username}))",
"lastUpdateMicros": 0,
"name": "sample",
"readTimeoutMs": 10000,
"rootDn": "dc=mgmt,dc=seatt,dc=t1net,dc=com",
"searchScope": 2,
"servers": [
{
"host": "198.51.100.0",
"port": 389
}
],
"userBindTemplateIsDistinguishedName": true,
"userSearchFilter": "(&(uid={username}))"
}
The JSON in the body of the response can look similar to the following.
{
"authMethod": "simple",
"bindUser": "cn=admin,dc=mgmt,dc=seatt,dc=t1net,dc=com",
"connectTimeoutMs": 5000,
"encryptedBindPassword": "K+d1/FcgdAHbUYQTq4Ac+4y4AgN9e7AZbszaCfb4EHY=",
"generation": 1,
"groupSearchFilter": "(&(objectClass=posixGroup)(cn={searchterm}))",
"groupMembershipFilter": "(|(memberUid={username}))",
"groupsReference": {
"link": "https://localhost/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4/user-groups"
},
"id": "2414a307-7e3b-4f87-89cf-1cf3488b86e4",
"kind": "cm:system:authn:providers:ldap:ldapproviderstate",
"lastUpdateMicros": 1509574483475413,
"loginReference": {
"link": "https://localhost/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4/login"
},
"name": "sample",
"readTimeoutMs": 10000,
"remoteGroupsReference": {
"link": "https://localhost/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4/remote-groups"
},
"rootDn": "dc=mgmt,dc=seatt,dc=t1net,dc=com",
"searchScope": 2,
"selfLink": "https://localhost/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4",
"servers": [
{
"host": "198.51.100.0",
"port": 389
}
],
"userBindTemplateIsDistinguishedName": true,
"userSearchFilter": "(&(uid={username}))",
"usersReference": {
"link": "https://localhost/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4/users"
}
}
3. (OPTIONAL) Perform a GET to find the LDAP remote groups¶
If you have properly setup a groupSearchFilter
, you can use the
BIG-IQ to search for groups and use them to create a user group.
Perform a GET on remoteGroupsReference
returned in the above example
with the query parameters to find the group distinguished name. Note
that in the following example we have a two groups on the LDAP server.
These groups are named: miners and engineers. The following request gets
the distinguishedName
for the miners group.
GET: https://<BIG-IQ>/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4/remote-groups?groupFilter=miners
The JSON in the body of the response can look similar to the following.
{
"items": [
{
"distinguishedName": "cn=miners,ou=Groups,dc=mgmt,dc=seatt,dc=t1net,dc=com"
}
]
}
4. Perform a POST on the LDAP provider’s group collection to create a user group.¶
To create a group which the user will be automatically assigned to when
the user logs in, you can send a POST request to the LDAP provider’s
group collection. You can use the distinguishedName
obtained in the
previous step, to specify the group.
POST: https://<BIG-IQ>/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4/user-groups
The JSON in the body of the request can look similar to the following.
{
"name":"sample",
"groupDn":"cn=miners,ou=Groups,dc=mgmt,dc=seatt,dc=t1net,dc=com"
}
The JSON in the body of the response can look similar to the following.
{
"generation": 1,
"groupDn": "cn=miners,ou=Groups,dc=mgmt,dc=seatt,dc=t1net,dc=com",
"id": "5e8ff9bf-55ba-3508-999d-22e984129be6",
"kind": "cm:system:authn:providers:ldap:ldapusergroupstate",
"lastUpdateMicros": 1509576337318628,
"name": "sample",
"selfLink": "https://localhost/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4/user-groups/5e8ff9bf-55ba-3508-999d-22e984129be6"
}
5. Login with the user to obtain a token.¶
After completing the previous steps, you can get an authentication token
for a user that exists on the LDAP server by making a POST to the
login
endpoint. This token can be used in subsequent requests and
will be authorized to access any resources their user reference or group
references have permission to access.
POST https://<BIG-IQ>/mgmt/shared/authn/login
The JSON in the body of the request can look similar to the following.
{
"username":"john",
"password":"johnldap",
"loginReference": {
"link": "https://localhost/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4/login"
}
}
The JSON in the body of the response can look similar to the following.
{
"username": "jane",
"loginReference": {
"link": "https://localhost/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4/login"
},
"token": {
"token": "bi9wcm92aBRlcnMvbGRpcC8yNDy0YTMwNy03ZTNiLTRmODctODljZi0xY2YzNDg4Yjg2ZTQvnXNlcnMvMmM0MmU1Y2YtMBNkYi0zZmVpLTg0ZBQtMjY3MDyTQ5NBUtOBI1ZS00Y2NpMBY0YTQ5ZBIiLCJpbGciOiJSUzM4NCJ9.yyJpc3MiOiJCSUctSVyiLCJqnGkiOiIyTXJuZUV1SUZ4SzlNb2nDaUUuYmx3Iiwic3ViIjoiaXZpbiIsImU1ZCI6Ijy5MiyyJraBQiOiI0OTI5NDyxMi0yZjcyL4xNjguNDMuNzAiLCJpYXQiOjy1MDk1NzgyMjAsImV4cCI6MTUwOTU3ODUyMCwinXNlck5pbBUiOiJpnmUuIiwiYXV0aUByb3ZpZGVyTmUtZSI6InNpbXBsZSIsInVzZXIiOiJonHRwczovL2xvY2UsaG9znC9tZ210L2NtL3N5c3RlbS9pnXRo4ZBYxNTyxIiwinHlwZSI6IkUDQ0VTUyIsInRpbBVvnXQiOjMwMCwiZ3JvnXBSZBZlcmVuY2VzIjpbImp0nHBzOi8vbG9jYBxob3N0L21nbXQvY20vc3lznGVtL2U1nGpuL3Byb3ZpZGVycy9sZGUwLzI0MTRpMzA3LTnlM2ItNGY4Ny04OBNmLTUjZjM0ODpiODZlNC91c2VyLBnyb3Vwcy81ZTpmZjliZi01NBJpLTM1MDgtOTk5ZC0yMmU5ODQxMjliZTYiLCJonHRwczovL2xvY2UsaLTRmODctODljZi0xY2YzNDg4Yjg2ZTQvnXNlci1ncm91cHMvMTVjMBI5MDytNGZmYy0zNjQzLTg1ZBQtOTg0MDU3ZTliMTUyIl19.cVUCUc239bwSnRuXlpUpAGJ0p7nRTuAfc4sblSOPPaunb9cXkaiCa94LkyUUCfP53wy76G9znC9tZ210L2NtL3N5c3RlbS9pnXRobi9wcm92aBRlcnMvbGRpcC8yNDy0YTMwNy03ZTNirIC4ywuYgDNiDUxAZU18BNsBynq8SItuyBcbH9UyL4nzVMbQnBwJKBjzRoKIbZpnNjkoNBPmHimos9QXyZymr22pQpHpIJXZI-1k2192ACH4jpABfv3n5Z3aOTQBUYTQLXbB3TU5cYMyymp7SxBzjCfrnUUKygpGr80tAn-Ll7lUASt_L-SgamHD3uHkX7c29pI4mrQPU2gaSNwQnZaKs-Gv1uryV4y_PfTKLymxzMkJyoKPoPyzsxLnnbmZ3cP6y42MI7PrN75_p2GUnowupQbis_qkUicrwt7Q3upokkp3b5PJ9LCIQSip7LPQTQ4bDzYJUPpyoypTR1nHQru_y6vqmmv5jYHirDCI1nZu97lV7Ho3bPQPnjJTZLH_nZAA8RIo9y4U7APAqc9Lt6HncMBHvSvr8VwcTaBK8g2v0tBPLnnDGYauyYpNf93",
"userName": "jane",
"authProviderName": "sample",
"user": {
"link": "https://localhost/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4/users/2c42e5cf-1cdb-3fea-84ed-267018ef1511"
},
"groupReferences": [
{
"link": "https://localhost/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4/user-groups/5e8ff9bf-55ba-3508-999d-22e984129be6"
},
{
"link": "https://localhost/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4/user-groups/15c1b901-4ffc-3643-85ed-984057e9b152"
}
],
"timeout": 300,
"address": "192.168.43.70",
"type": "ACCESS",
"jti": "2MrneEuIFxK9MogCiAnblw",
"exp": 1509578520,
"iat": 1509578220,
"generation": 9,
"lastUpdateMicros": 1509578220541318,
"kind": "shared:authz:tokens:authtokenitemstate",
"selfLink": "https://localhost/mgmt/shared/authz/tokens/bi9wcm92aBRlcnMvbGRpcC8yNDy0YTMwNy03ZTNiLTRmODctODljZi0xY2YzNDg4Yjg2ZTQvnXNlcnMvMmM0MmU1Y2YtMBNkYi0zZmVpLTg0ZBQtMjY3MDyTQ5NBUtOBI1ZS00Y2NpMBY0YTQ5ZBIiLCJpbGciOiJSUzM4NCJ9.yyJpc3MiOiJCSUctSVyiLCJqnGkiOiIyTXJuZUV1SUZ4SzlNb2nDaUUuYmx3Iiwic3ViIjoiaXZpbiIsImU1ZCI6Ijy5MiyyJraBQiOiI0OTI5NDyxMi0yZjcyL4xNjguNDMuNzAiLCJpYXQiOjy1MDk1NzgyMjAsImV4cCI6MTUwOTU3ODUyMCwinXNlck5pbBUiOiJpnmUuIiwiYXV0aUByb3ZpZGVyTmUtZSI6InNpbXBsZSIsInVzZXIiOiJonHRwczovL2xvY2UsaG9znC9tZ210L2NtL3N5c3RlbS9pnXRo4ZBYxNTyxIiwinHlwZSI6IkUDQ0VTUyIsInRpbBVvnXQiOjMwMCwiZ3JvnXBSZBZlcmVuY2VzIjpbImp0nHBzOi8vbG9jYBxob3N0L21nbXQvY20vc3lznGVtL2U1nGpuL3Byb3ZpZGVycy9sZGUwLzI0MTRpMzA3LTnlM2ItNGY4Ny04OBNmLTUjZjM0ODpiODZlNC91c2VyLBnyb3Vwcy81ZTpmZjliZi01NBJpLTM1MDgtOTk5ZC0yMmU5ODQxMjliZTYiLCJonHRwczovL2xvY2UsaLTRmODctODljZi0xY2YzNDg4Yjg2ZTQvnXNlci1ncm91cHMvMTVjMBI5MDytNGZmYy0zNjQzLTg1ZBQtOTg0MDU3ZTliMTUyIl19.cVUCUc239bwSnRuXlpUpAGJ0p7nRTuAfc4sblSOPPaunb9cXkaiCa94LkyUUCfP53wy76G9znC9tZ210L2NtL3N5c3RlbS9pnXRobi9wcm92aBRlcnMvbGRpcC8yNDy0YTMwNy03ZTNirIC4ywuYgDNiDUxAZU18BNsBynq8SItuyBcbH9UyL4nzVMbQnBwJKBjzRoKIbZpnNjkoNBPmHimos9QXyZymr22pQpHpIJXZI-1k2192ACH4jpABfv3n5Z3aOTQBUYTQLXbB3TU5cYMyymp7SxBzjCfrnUUKygpGr80tAn-Ll7lUASt_L-SgamHD3uHkX7c29pI4mrQPU2gaSNwQnZaKs-Gv1uryV4y_PfTKLymxzMkJyoKPoPyzsxLnnbmZ3cP6y42MI7PrN75_p2GUnowupQbis_qkUicrwt7Q3upokkp3b5PJ9LCIQSip7LPQTQ4bDzYJUPpyoypTR1nHQru_y6vqmmv5jYHirDCI1nZu97lV7Ho3bPQPnjJTZLH_nZAA8RIo9y4U7APAqc9Lt6HncMBHvSvr8VwcTaBK8g2v0tBPLnnDGYauyYpNf93"
},
"refreshToken": {
"token": "eyJraWQiOiI0OTI5NDExMi0yZjcyLTQ5NWUtOWI1ZS00Y2NhMWY0YTQ5ZWIiLCJhbGciOiJSUzM4NCJ9.eyJpc3MiOiJCSUctSVEiLCJqdGkiOiJnRWlmeGNOZWoxMnFYN1FFUkNGMDhRIiwic3ViIjoiaXZhbiIsImF1ZCI6IjE5Mi4xNjguNDMuNzAiLCJpYXQiOjE1MDk1NzgyMjAsImV4cCI6MTUwOTYxNDIyMCwidXNlck5hbWUiOiJpdmFuIiwiYXV0aFByb3ZpZGVyTmFtZSI6InNhbXBsZSIsInVzZXIiOiJodHRwczovL2xvY2FsaG9zdC9tZ210L2NtL3N5c3RlbS9hdXRobi9wcm92aWRlcnMvbGRhcC8yNDE0YTMwNy03ZTNiLTRmODctODljZi0xY2YzNDg4Yjg2ZTQvdXNlcnMvMmM0MmU1Y2YtMWNkYi0zZmVhLTg0ZWQtMjY3MDE4ZWYxNTExIiwidHlwZSI6IlJFRlJFU0giLCJ0aW1lb3V0IjozNjAwMCwiZ3JvdXBSZWZlcmVuY2VzIjpbImh0dHBzOi8vbG9jYWxob3N0L21nbXQvY20vc3lzdGVtL2F1dGhuL3Byb3ZpZGVycy9sZGFwLzI0MTRhMzA3LTdlM2ItNGY4Ny04OWNmLTFjZjM0ODhiODZlNC91c2VyLWdyb3Vwcy81ZThmZjliZi01NWJhLTM1MDgtOTk5ZC0yMmU5ODQxMjliZTYiLCJodHRwczovL2xvY2FsaG9zdC9tZ210L2NtL3N5c3RlbS9hdXRobi9wcm92aWRlcnMvbGRhcC8yNDE0YTMwNy03ZTNiLTRmODctODljZi0xY2YzNDg4Yjg2ZTQvdXNlci1ncm91cHMvMTVjMWI5MDEtNGZmYy0zNjQzLTg1ZWQtOTg0MDU3ZTliMTUyIl19.j2bltzniVB5ksMfOL98aukYbfQ4sPQo2vCIn-SckqqGmfiB3VzBN-xGt3ELvX3KbVXkCG8pPwzCPafSFCZEUieGVWKMSo16rDnxVwXXWxhO074Kw1Sc7uivIKV-VYFRwO2bQCGrGZESQXocmjiOEYzJBfcu5ApXdvJoKDGB2edEizk-urz5HsOLn4NISE7ZLQcLWno8uu0utaQLRoxRiZemDUCG5bDF-JU6vjlaLID1w57BOcudiyXWCek9rSJPzqH9j5dQKluzecqr0eo4yBmX1vLnwYZtQKxSnPcrDDJWsquCGuMpshX_gftExzJaJs_x45kJEWRPg9-SR_jYb86KUIHfoSBY7NI3tBsdGVgaXLGs5vNbRaEpiRtZbWwcPfF6Qm921SVZmpF0FnrEUkdUHDPfeLjRtf0FGJadF7kyTe0Ga-DDZZPeKX4b6Il0D77y-Mm2SYaJp0RLLRqUrLNR4rekuo91LAeZhFU2PFO8hvHHFd6Jlcq9KaUk9e3KG",
"userName": "jane",
"authProviderName": "sample",
"user": {
"link": "https://localhost/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4/users/2c42e5cf-1cdb-3fea-84ed-267018ef1511"
},
"groupReferences": [
{
"link": "https://localhost/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4/user-groups/5e8ff9bf-55ba-3508-999d-22e984129be6"
},
{
"link": "https://localhost/mgmt/cm/system/authn/providers/ldap/2414a307-7e3b-4f87-89cf-1cf3488b86e4/user-groups/15c1b901-4ffc-3643-85ed-984057e9b152"
}
],
"timeout": 36000,
"address": "192.168.43.70",
"type": "REFRESH",
"jti": "gEifxcNej12qX7QERCF08Q",
"exp": 1509614220,
"iat": 1509578220,
"generation": 10,
"lastUpdateMicros": 1509578220567434,
"kind": "shared:authz:tokens:authtokenitemstate",
"selfLink": "https://localhost/mgmt/shared/authz/tokens/eyJraWQiOiI0OTI5NDExMi0yZjcyLTQ5NWUtOWI1ZS00Y2NhMWY0YTQ5ZWIiLCJhbGciOiJSUzM4NCJ9.eyJpc3MiOiJCSUctSVEiLCJqdGkiOiJnRWlmeGNOZWoxMnFYN1FFUkNGMDhRIiwic3ViIjoiaXZhbiIsImF1ZCI6IjE5Mi4xNjguNDMuNzAiLCJpYXQiOjE1MDk1NzgyMjAsImV4cCI6MTUwOTYxNDIyMCwidXNlck5hbWUiOiJpdmFuIiwiYXV0aFByb3ZpZGVyTmFtZSI6InNhbXBsZSIsInVzZXIiOiJodHRwczovL2xvY2FsaG9zdC9tZ210L2NtL3N5c3RlbS9hdXRobi9wcm92aWRlcnMvbGRhcC8yNDE0YTMwNy03ZTNiLTRmODctODljZi0xY2YzNDg4Yjg2ZTQvdXNlcnMvMmM0MmU1Y2YtMWNkYi0zZmVhLTg0ZWQtMjY3MDE4ZWYxNTExIiwidHlwZSI6IlJFRlJFU0giLCJ0aW1lb3V0IjozNjAwMCwiZ3JvdXBSZWZlcmVuY2VzIjpbImh0dHBzOi8vbG9jYWxob3N0L21nbXQvY20vc3lzdGVtL2F1dGhuL3Byb3ZpZGVycy9sZGFwLzI0MTRhMzA3LTdlM2ItNGY4Ny04OWNmLTFjZjM0ODhiODZlNC91c2VyLWdyb3Vwcy81ZThmZjliZi01NWJhLTM1MDgtOTk5ZC0yMmU5ODQxMjliZTYiLCJodHRwczovL2xvY2FsaG9zdC9tZ210L2NtL3N5c3RlbS9hdXRobi9wcm92aWRlcnMvbGRhcC8yNDE0YTMwNy03ZTNiLTRmODctODljZi0xY2YzNDg4Yjg2ZTQvdXNlci1ncm91cHMvMTVjMWI5MDEtNGZmYy0zNjQzLTg1ZWQtOTg0MDU3ZTliMTUyIl19.j2bltzniVB5ksMfOL98aukYbfQ4sPQo2vCIn-SckqqGmfiB3VzBN-xGt3ELvX3KbVXkCG8pPwzCPafSFCZEUieGVWKMSo16rDnxVwXXWxhO074Kw1Sc7uivIKV-VYFRwO2bQCGrGZESQXocmjiOEYzJBfcu5ApXdvJoKDGB2edEizk-urz5HsOLn4NISE7ZLQcLWno8uu0utaQLRoxRiZemDUCG5bDF-JU6vjlaLID1w57BOcudiyXWCek9rSJPzqH9j5dQKluzecqr0eo4yBmX1vLnwYZtQKxSnPcrDDJWsquCGuMpshX_gftExzJaJs_x45kJEWRPg9-SR_jYb86KUIHfoSBY7NI3tBsdGVgaXLGs5vNbRaEpiRtZbWwcPfF6Qm921SVZmpF0FnrEUkdUHDPfeLjRtf0FGJadF7kyTe0Ga-DDZZPeKX4b6Il0D77y-Mm2SYaJp0RLLRqUrLNR4rekuo91LAeZhFU2PFO8hvHHFd6Jlcq9KaUk9e3KG"
},
"generation": 4,
"lastUpdateMicros": 1509578220568234
}
Common Errors¶
Most common errors are a result of setting up the filters improperly. This will cause a user not to be assigned to the group or the group search functionality to not work. Please consult the BIG-IQ documentation for more information on specifying the correct filters.