Forum Discussion
NimbostratusAPM directing user flow based on LDAP query
Morning,
What is the best way to address the following situation: APM VPE is a basic setup:
Logon Page -> LDAP Query -> LDAP Auth -> SSO Cred Mapping -> Allow
Complicated part comes with the LDAP Query branch rules. Aside from the state checks that I need to make, there is a variable I fetch that can have 3 states (0, 1, 2). Each of these states will have unique branches to direct the user to different locations. How do I tell APM to do this?
Logon Page -> LDAP Query -> state=0 -> Not authorized -> back to front door (end point?)
-> state=1 -> Undetermined state -> go to a specific location on a backend server
-> state=2 -> Authorized -> go to default location (LTM default pool picks this up?) -> Allow
I thought it was done with adding a "Pool Assign", but then I don't see a way to specify a specific location on the destinations web server to go to. (ie. http://webserver/a/b/c.html) Not clearly understanding which fires first, I have been thinking that maybe I should be using APM Policies or iRules to trigger the event to go to specific locations as well.
Any advice would be appreciated.
Thanks, -War
4 Replies
Thomas_Gobet_91Cirrostratus
Hi Warren,
You can check you LDAP attribute using this :
expr { [mcget {session.ldap.last.attr.YourVariableName}] == 0 }To do so, you have to create a box LDAP Query and add as many branch rules as differents values you have.
Warren_129981Thanks Thomas. That is what I was doing and can see the values associated to that variable. I found a solution. Right or wrongly. I created endpoints that would point to the front of the VS with a specific URI that I wrote an Policy to pick up and direct the traffic. ;) Thanks!
Thomas_GobetHi Warren,
You can check you LDAP attribute using this :
expr { [mcget {session.ldap.last.attr.YourVariableName}] == 0 }To do so, you have to create a box LDAP Query and add as many branch rules as differents values you have.
- Warren_129981Thanks Thomas. That is what I was doing and can see the values associated to that variable. I found a solution. Right or wrongly. I created endpoints that would point to the front of the VS with a specific URI that I wrote an Policy to pick up and direct the traffic. ;) Thanks!
