Forum Discussion

Stefano_E__1814's avatar
Stefano_E__1814
Icon for Nimbostratus rankNimbostratus
Mar 09, 2015

Delete session after Ldap query

we must create a service that it make a ldap query with username. We have created an Access Profile with ldap query. After retrieve the informations from ldap, we check their.

 

If the informations are correct, the service must load balance traffic to the specified pool with the command "pool". At Last, we want to eliminate the session that was created by APM.

 

How can we delete the session before to send the response to the client?

 

application delivery
BIG-IP Access Policy Manager (APM)
ldap query
LTM
security

2 Replies

Sort By
  • Michael_Jenkins's avatar
    Michael_Jenkins
    Icon for Cirrostratus rankCirrostratus
    Mar 09, 2015

    You may want to check out the ACCESS::policy evaluate function that you can call from an iRule to see if you can accomplish what you're looking for with that. You could try to use it to evaluate an access policy like you've mentioned that does an LDAP query and then does an 

    allow
    or 
    deny
    and use that response in the iRule to determine whether to set the 
    pool
    or 
    reject
    /
    drop
    the request. (On that page, it also shows how to remove the session in the example)

  • Stefano_E__1814's avatar
    Stefano_E__1814
    Icon for Nimbostratus rankNimbostratus
    Mar 09, 2015

    This is the solution:

    when CLIENT_CLOSED {
     To avoid clutter, remove the access session for the flow.
    ACCESS::session remove -sid $flow_sid
}

    We remove the session in the wrong events. Now, in "CLIENT_CLOSED" it work correctly.

    Thx!!! Stefano