Forum Discussion
APM directing user flow based on LDAP query
Morning,
What is the best way to address the following situation: APM VPE is a basic setup:
Logon Page -> LDAP Query -> LDAP Auth -> SSO Cred Mapping -> Allow
Complicated part comes with the LDAP Query branch rules. Aside from the state checks that I need to make, there is a variable I fetch that can have 3 states (0, 1, 2). Each of these states will have unique branches to direct the user to different locations. How do I tell APM to do this?
Logon Page -> LDAP Query -> state=0 -> Not authorized -> back to front door (end point?)
-> state=1 -> Undetermined state -> go to a specific location on a backend server
-> state=2 -> Authorized -> go to default location (LTM default pool picks this up?) -> Allow
I thought it was done with adding a "Pool Assign", but then I don't see a way to specify a specific location on the destinations web server to go to. (ie. http://webserver/a/b/c.html) Not clearly understanding which fires first, I have been thinking that maybe I should be using APM Policies or iRules to trigger the event to go to specific locations as well.
Any advice would be appreciated.
Thanks, -War
4 Replies
- Thomas_Gobet_91
Cirrostratus
Hi Warren,
You can check you LDAP attribute using this :
expr { [mcget {session.ldap.last.attr.YourVariableName}] == 0 }
To do so, you have to create a box LDAP Query and add as many branch rules as differents values you have.
- Warren_129981
Nimbostratus
Thanks Thomas. That is what I was doing and can see the values associated to that variable. I found a solution. Right or wrongly. I created endpoints that would point to the front of the VS with a specific URI that I wrote an Policy to pick up and direct the traffic. ;) Thanks!
- Thomas_Gobet
Nimbostratus
Hi Warren,
You can check you LDAP attribute using this :
expr { [mcget {session.ldap.last.attr.YourVariableName}] == 0 }
To do so, you have to create a box LDAP Query and add as many branch rules as differents values you have.
- Warren_129981
Nimbostratus
Thanks Thomas. That is what I was doing and can see the values associated to that variable. I found a solution. Right or wrongly. I created endpoints that would point to the front of the VS with a specific URI that I wrote an Policy to pick up and direct the traffic. ;) Thanks!
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com