APM iRule to "replicate" password change between AD and stand-alone servers

Hi Kai,

I hope you're still subscribed to this topic as I desperately need your help again!

I have now developed around 80% of this system just to discover that I cannot easily store anything in data groups from within iRules (or maybe my DevCentral/Google search skills are not as good as they could be :)).

To populate the shadow database I intercept the moment of creation of user accounts in that "DB-application", look up that account in AD (sideband) and store (currently just in system log):

1. mapping between AD user name and a corresponding user name in the DB-application
2. password for the account in the DB-application

Then when a user logs in, I authenticate him/her in AD, look up corresponding account of the DB-application in the data group and, if a matching value is found, I use this account and its password (taken from the data group) for the form-based authentication. Everything works very well with statically populated data groups and log files.

Hence the question - is there a way to permanently store on BigIP (from within iRules) low-volume HTTP data which I capture from user POST data? Neither space nor performance impact is an issue here - it's expected that the system will have from a few hundreds to a couple of thousands of user accounts, each taking up to 84 symbols (so way below 1MB).

I know that data groups were not designed to be used for this purpose but suspect (and very much hope) that there is some sort of a backdoor/workaround which could help me achieve the goal without going down the route of building an external facility where BigIP could store the same data using a sideband call...