Forum Discussion
Hi SysTopher,
sounds promising so far...
regarding 1.) you may use a Wireshark capture to find out. A simple Bind always contains clear-text credentials. So if you see your username and password on LDAP (without S) on port 389, then it would be a "simple" Bind authentication...
regarding 2.) If the usernames do have a fixed notation, then it could be possible to just parse the initial bind request for certain domain strings and then issue a [pool] command to select the LDAP instance. In this case you don't even have to dig into the LDAP opcodes. It would then require only a very simple iRule to pull off the trick... (I guess less than 20 lines)
regarding 3.) is it really pure authentication (aka. validating the user credentials) or do you need to resolve group memberships (aka. authorizing the users)? If the latter is the case, are the different LDAPs sharing a unified base name for the lookups, or at least having an identical Base-DN length? I'm asking since I don't know if LDAP opcodes always take care of the field length or if LDAP uses fixed delimiters here and there. I'm just preparing for the worst... 😉
regarding 4.) it's not that important for the final solution. Pure LDAP is just easier to analyse... ;-D
Cheers, Kai
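The two mechanics Kai relies on, that a simple bind carries the password in clear text (point 1) and that the initial BindRequest can be parsed for the domain part of the bind DN to pick a pool (point 2), as an added Python example that is neither Kai's iRule nor F5 code: it decodes the BER-encoded LDAP BindRequest (RFC 4511), flags whether the authentication choice is simple, and maps the DN suffix to a pool name. The pool names, DN suffixes and the sample message are constructed placeholders; on a BIG-IP the same decision would be expressed in Tcl with the `pool` command.

```python
# Decode an LDAP BindRequest and decide which backend pool the bind DN belongs to.
# All DN suffixes, pool names and the sample message below are constructed for
# illustration; they are not from the forum thread or from any real deployment.

def _len(n: int) -> bytes:
    # BER length: short form below 128, long form otherwise.
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + _len(len(value)) + value

def _read_tlv(buf: bytes, pos: int):
    # Return (tag, value, next_pos) for the definite-length TLV starting at pos.
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_bind_request(msg: bytes) -> dict:
    tag, body, _ = _read_tlv(msg, 0)
    if tag != 0x30:                      # LDAPMessage is a SEQUENCE
        raise ValueError("not an LDAPMessage")
    _, msg_id, pos = _read_tlv(body, 0)  # messageID INTEGER
    tag, op, _ = _read_tlv(body, pos)
    if tag != 0x60:                      # [APPLICATION 0] = BindRequest
        raise ValueError("protocolOp is not a BindRequest")
    _, version, pos = _read_tlv(op, 0)   # version INTEGER
    _, name, pos = _read_tlv(op, pos)    # name LDAPDN (OCTET STRING)
    auth_tag, _, _ = _read_tlv(op, pos)  # AuthenticationChoice
    return {"message_id": int.from_bytes(msg_id, "big"),
            "version": int.from_bytes(version, "big"),
            "name": name.decode("utf-8"),
            # [0] simple: the OCTET STRING that follows is the clear-text password,
            # which is what a capture on port 389 without TLS would expose.
            "simple": auth_tag == 0x80}

# Hypothetical suffix -> pool mapping, the routing table an iRule would hold.
POOLS = {"dc=corp,dc=example": "ldap_corp_pool", "dc=lab,dc=example": "ldap_lab_pool"}

def select_pool(bind_dn: str, default: str = "ldap_default_pool") -> str:
    dn = bind_dn.lower()
    return next((p for s, p in POOLS.items() if dn.endswith(s)), default)

def build_simple_bind(msg_id: int, dn: str, password: str) -> bytes:
    # Constructed sample BindRequest (version 3, simple auth); msg_id < 128.
    op = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, op))
```

Feeding `build_simple_bind(1, "cn=alice,dc=corp,dc=example", "s3cret")` through `parse_bind_request` yields `simple == True` and `select_pool` returns `ldap_corp_pool`; a SASL bind would show up with tag `0xA3` instead and no clear-text password.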