Forum Discussion
Ken_Cottrell
Nimbostratus
NimbostratusAnyone using the LDAP Proxy iRule with and SSL Virt Host?
We have implemented the LDAP Proxy iRule on a non-ssl Virtual host to send read and write requests to separate pools. When implementing the same iRule for an ssl Virtual host, we are getting a NamingException, bind failed, connect reset. If I replace the iRule with an SSL default pool it works fine so my SSL config is good. Has anyone else done this?
hoolioCirrostratus
Hi Skynard,
If the clientside connection is encrypted and you want to inspect the decrypted payload, I think you'd need to use SSL::collect and SSL::payload on v10.x to handle this. Or in v9.4+ you could use a simple iRule on the existing SSL VIP which uses the command to call a second internal VIP which uses the LDAP proxy iRule enabled.
Aaron
Ken_CottrellThanks for the reply Aaron,
I made the following changes to the iRule we are using for non-SSL LDAP traffic, but am still getting simple bind failed, connect reset.
I am also not seeing any log entries for this rule when setting debug on.
I changed TCP::collect and TCP::payload with SSL::collect and SSL::payload in the existing iRule.
I also ended up changing:
CLIENT_ACCEPTED to CLIENTSSL_HANDSHAKE
CLIENT_DATA to CLIENTSSL_DATA and
SERVER_ACCEPTED to SERVERSSL_HANDSHAKE
SERVER_DATA to SERVERSSL_DATA
I also changed TCP::release and TCP::respond to SSL::releae and SSL::respond.