Forum Discussion

6 Replies

  • The idea would be to offload some of that authentication to APM (let it do the LDAP auth and/or query for you). You haven't really specified what the process is, so it's a little difficult to say how that'd work. Can you elaborate?

  • Hi Kevin,

    You talked about APM. If I use APM, how can I guarantee that the right LDAP server (pool) would be selected?

  • Yes, I have more than one LDAP server and I want to choose the right one for remote authentication. I can do a specific query to select the right domain from the RAS server. APM is not licensed and may not be an option today.

  • So you want to basically load balance LDAP client requests but forward to different LDAP servers based on the request. This is not a trivial thing to do, as 1) the initial bind request doesn't carry any query information, and 2) it's all binary data so that in and of itself makes the iRule challenging.

    So just to clarify:

    1. Is the domain only in the query, or do you specify it in some way when you bind?

    2. Is APM an option?

  • I want to select different LDAP servers in different domains using one virtual server.

  • LDAP is a binary protocol, so it really depends on a lot of variables. For instance:

    1. Most important, the query is usually just one of several LDAP messages that occur. There's also usually bind and unbind messages, which don't carry any query information.

    2. Where are you specifying the domain in the query? In the search base or in a DN value? You would necessarily have to write an iRule that could parse the binary LDAP request, so knowing where to look would be important. There are various LDAP proxy iRules floating around, but none are trivial.

    Is it that you simply need to load balance LDAP requests, or could you potentially offload the entire process to the Access Policy Manager module, which would make light work of the whole thing?
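To make the two points above concrete (LDAP is BER-encoded binary, and only some operations carry a DN you could route on), here is an added Python example that is not code from this thread, from F5, or from any iRule. It decodes the outer LDAPMessage envelope from RFC 4511, reports the operation type, and pulls out the search request's baseObject or the bind request's name. The pool names and the mapping from the dc= components of a DN to a pool (POOLS) are constructed for the example; the sample messages are built inline with the same encoder. Real iRules are written in Tcl on the BIG-IP; Python is used here only so the parsing logic runs stand-alone.

```python
# Added example (not from the thread): minimal BER decoding of LDAP messages
# (RFC 4511) showing which operations carry a DN a proxy could route on.
# Pool names, DNs and the POOLS mapping are constructed for illustration.

LDAP_OPS = {
    0x60: "bindRequest",    # [APPLICATION 0]
    0x42: "unbindRequest",  # [APPLICATION 2], empty body
    0x63: "searchRequest",  # [APPLICATION 3]
}

# Assumed mapping: domain derived from a DN's dc= parts -> pool name.
POOLS = {"corp.example": "ldap_pool_corp", "lab.example": "ldap_pool_lab"}


def ber_len(n: int) -> bytes:
    """Encode a BER length: short form under 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, content: bytes) -> bytes:
    """Build one BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(content)) + content


def read_tlv(buf: bytes, pos: int):
    """Decode the TLV at pos; return (tag, content, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated LDAP message")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated LDAP message")
    return tag, buf[pos:end], end


def parse_ldap_message(msg: bytes) -> dict:
    """Return messageID, operation name and the DN the operation carries (or None)."""
    tag, body, end = read_tlv(msg, 0)
    if tag != 0x30 or end != len(msg):
        raise ValueError("not a single LDAPMessage SEQUENCE")
    id_tag, id_bytes, pos = read_tlv(body, 0)
    if id_tag != 0x02:
        raise ValueError("messageID must be an INTEGER")
    op_tag, op_body, _ = read_tlv(body, pos)
    info = {"messageID": int.from_bytes(id_bytes, "big", signed=True),
            "op": LDAP_OPS.get(op_tag, "other(0x%02x)" % op_tag), "dn": None}
    if op_tag == 0x63:                      # SearchRequest: baseObject comes first
        base_tag, base, _ = read_tlv(op_body, 0)
        if base_tag != 0x04:
            raise ValueError("searchRequest baseObject must be an OCTET STRING")
        info["dn"] = base.decode("utf-8")
    elif op_tag == 0x60:                    # BindRequest: version INTEGER, then name
        _, _, pos = read_tlv(op_body, 0)
        name_tag, name, _ = read_tlv(op_body, pos)
        if name_tag != 0x04:
            raise ValueError("bindRequest name must be an OCTET STRING")
        info["dn"] = name.decode("utf-8") or None   # anonymous/SASL binds leave it empty
    return info


def domain_from_dn(dn: str):
    """Join the dc= parts of a DN into a domain (naive split; ignores escaped commas)."""
    dcs = [p.strip()[3:] for p in dn.split(",") if p.strip().lower().startswith("dc=")]
    return ".".join(dcs).lower() if dcs else None


def route_for(msg: bytes):
    """Pool for this message, or None when it carries nothing to route on."""
    dn = parse_ldap_message(msg)["dn"]
    return POOLS.get(domain_from_dn(dn) or "") if dn else None


# Constructed sample traffic, built with the same encoder (message ids < 128).
def envelope(message_id: int, op: bytes) -> bytes:
    return tlv(0x30, tlv(0x02, bytes([message_id])) + op)

def build_bind_request(message_id: int, name: str, password: str) -> bytes:
    op = tlv(0x02, b"\x03") + tlv(0x04, name.encode()) + tlv(0x80, password.encode())
    return envelope(message_id, tlv(0x60, op))

def build_search_request(message_id: int, base_dn: str) -> bytes:
    op = (tlv(0x04, base_dn.encode())
          + tlv(0x0A, b"\x02") + tlv(0x0A, b"\x00")   # scope, derefAliases
          + tlv(0x02, b"\x00") + tlv(0x02, b"\x00")   # sizeLimit, timeLimit
          + tlv(0x01, b"\x00")                        # typesOnly
          + tlv(0x87, b"objectClass")                 # filter: present(objectClass)
          + tlv(0x30, b""))                           # attributes: none requested
    return envelope(message_id, tlv(0x63, op))

def build_unbind_request(message_id: int) -> bytes:
    return envelope(message_id, tlv(0x42, b""))


if __name__ == "__main__":
    for m in (build_bind_request(1, "", ""),
              build_bind_request(2, "cn=svc-ras,dc=corp,dc=example", "x"),
              build_search_request(3, "ou=people,dc=lab,dc=example"),
              build_unbind_request(4)):
        print(parse_ldap_message(m)["op"], "->", route_for(m))
```

Run stand-alone, the anonymous bind and the unbind produce no pool, while the search request (via its baseObject) and a simple bind with a full DN do. That is the practical shape of the problem the thread describes: a proxy must hold or default the connection until a message with a DN arrives, and it must decode BER correctly, including long-form lengths, before it can look at anything.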