J_48024
Jul 01, 2015

LDAP irule

Hello:

 

Environment: Working secureLDAP virtual where only clientside TLS encryption is configured and server side (Microsoft AD) is plain tcp/389.

 

Need help to create an iRule to achieve the following two objectives.

 

1) Narrow down the request acceptance from: 10.x.x.x and 192.168.x.x range; if possible using datagroup

2) If possible, narrow down the ldap looks to a particular OU only i.e. OU=Users,OU=f5,OU=com

3) Generate a log.local0 suggesting " using request and also what was returned back.

 

Appreciate your pointers for me to march in the right direction.

 

Thanks in advance,

 

1 Reply

  • What version of TMOS are you using? LDAP support was part of ACA in previous versions, but has been deprecated. Unless you are using an older version of TMOS and have ACA licensed, an LTM-only iRule for LDAP will be extremely complex with SIDEBAND connections. It's possible, but it's binary and very complex. I would not want to have to support it, and it would most likely not be supported during an upgrade.

     

    An easier approach would be to use integrated LDAP with Access Policy Manager.
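
Added example, not part of the thread and not an iRule: a Python model of the checks the question asks for, showing the BER decoding needed to read a SearchRequest's base DN from the decrypted client stream. The function names and the sample message are constructed for illustration; DNs containing escaped characters are denied rather than parsed.

```python
import ipaddress

ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
ALLOWED_BASE = "ou=users,ou=f5,ou=com"      # ranges and OU are taken from the question

def read_tlv(buf, pos):                     # one BER element -> (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits count the length octets
        n = length & 0x7F
        if not 1 <= n <= 4:                 # rejects indefinite length (n == 0)
            raise ValueError("unsupported length encoding")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def search_base(msg):
    """Return the baseObject DN of a SearchRequest, or None for any other operation."""
    tag, body, _ = read_tlv(msg, 0)         # LDAPMessage ::= SEQUENCE
    id_tag, _, pos = read_tlv(body, 0)      # messageID INTEGER
    op_tag, op, _ = read_tlv(body, pos)     # protocolOp
    if tag != 0x30 or id_tag != 0x02:
        raise ValueError("not an LDAPMessage")
    if op_tag != 0x63:                      # [APPLICATION 3] SearchRequest
        return None
    dn_tag, dn, _ = read_tlv(op, 0)         # baseObject is the first field
    if dn_tag != 0x04:
        raise ValueError("baseObject is not an OCTET STRING")
    return dn.decode("utf-8")

def decide(client_ip, msg):
    """Return (allowed, reason) for one client message; parse errors fail closed."""
    if not any(ipaddress.ip_address(client_ip) in net for net in ALLOWED_NETS):
        return False, "source address outside allowed ranges"
    try:
        base = search_base(msg)
    except (ValueError, IndexError):
        return False, "malformed LDAP message"
    if base is None:
        return True, "not a search request"
    if "\\" in base:                        # escaped separators: deny rather than mis-split
        return False, "escaped DN not handled"
    dn = ",".join(part.strip().lower() for part in base.split(","))
    return dn == ALLOWED_BASE or dn.endswith("," + ALLOWED_BASE), f"search base {base!r}"

def sample_search(base):                    # constructed sample message, not a capture
    rest = bytes.fromhex("0a0102 0a0100 020100 020100 010100 870b6f626a656374436c617373 3000")
    op = bytes([0x04, len(base)]) + base.encode() + rest
    return bytes([0x30, len(op) + 5, 0x02, 0x01, 0x02, 0x63, len(op)]) + op
```

The reason string returned by `decide` is the text one would send to the log for each request, which covers the logging objective for the request side only.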