For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Garth_Ladlow_32's avatar
Garth_Ladlow_32
Icon for Nimbostratus rankNimbostratus
Feb 24, 2011

Am looking for a way to modify the cn of a LDAP bind request

Am looking for a way to modify the cn of a LDAP bind request

 

 

Hoping it is possible for an iRule to rewrite a request from Novell eDirectory to Active Directory.

 

 

ie change 'cn=rauth,ou=pco,o=tetv' to rauth@acd.domain.

 

 

 

Hoping someone can lead me in the right direction, I can not find anything in the forums.

 

 

 

Thankyou
application delivery
dev
devops
iRules

2 Replies

  • Garth_Ladlow_32's avatar
    Garth_Ladlow_32
    Icon for Nimbostratus rankNimbostratus
    Feb 25, 2011

    I have the following which is close but it errors with the valid password

     

     

    when CLIENT_ACCEPTED {

     

    TCP::collect

     

    }

     

    when CLIENT_DATA {

     

     

    set payload [TCP::payload]

     

     

    regsub -all "cn=rad,ou=pco,o=etv" $payload "cn=rad,ou=earth,ou=thirdplanet,dc=aus,dc=somewhere" payload

     

     

    TCP::payload replace 0 [TCP::payload length] $payload

     

    TCP::release

     

    TCP::collect

     

    }

     

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Feb 25, 2011
    Hi Garth,

     

     

    I imagine you could parse the TCP data to do this, but I haven't tried something like this before. Joe added a great Codeshare example which parses LDAP requests to separate read and write requests. You could use this as a start:

     

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/LDAPProxy.html

     

     

    Aaron