For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
May 22, 2014

I would concur on the point that anything you do in iRules is going to be more than you expected. LDAP is a binary protocol, so to be able to see inside an LDAP packet that you're proxying, you have to do some binary manipulation - not fun. Also take a look at this "LDAP proxy" iRule. At the very least it'll give you a sense of the complexity.

 

https://devcentral.f5.com/wiki/iRules.LDAPProxy.ashx

 

Of course, depending on your environment, you could potentially offload that LDAP auth to the F5 via the APM module, which would give you much greater visibility into the LDAP process itself.