Forum Discussion

maurox_59221's avatar
maurox_59221
Icon for Nimbostratus rankNimbostratus
Feb 10, 2014

APM OWA 2010 webful/webreadyl

Hi all, I'd like to configure the APM for the OWA 2010 services (OWA Portal+ authentication on APM).   The APM portal has to authenticate (using LDAP) the users and, if the user belongs to a spec...
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Feb 10, 2014

Maybe one of the easiest thing would probably be something like this:

when ACCESS_ACL_ALLOWED {
    switch -glob [string tolower [ACCESS:data get session.ldap.last.attr.memberOf]] {
        "*groupa*" {
            pool groupa_pool
            WEBSSO::select groupa_sso
        }
        "*groupb*" {
            pool groupb_pool
            WEBSSO::select groupb_sso
        }
    }
}

The idea here is that, at the end of the access policy evaluation and every request afterwards, you'll switch on the group membership value obtained form the LDAP query, and then 1) send the request to a specific pool, and 2) select a specific SSO profile. The above is just an example, so your specific implementation might be different based on how you query LDAP and what you're looking for. In 11.4+ you can use the LDAP Group Resource Assignment agent in the VPE to select resources (like a pool) based on group membership, but you'd still have to use an iRule to select an SSO profile.