
Rene_vos_266897
Dec 13, 2016
Creating apptunnels in iRules based on AD information

Hi,

I was wondering if there is a possibility to dynamically create objects in a webtop using iRules.

In our current setup we have multiple security groups for various servers which our users can access. For each of these groups we have to create an app/RDP tunnel entry and extend the advanced resource assignment in the APM Access Profile.

In an ideal situation I'd like to query if a security group exists in Active Directory (based on a central mask, let's say SG_LOCALADMIN_<SERVERNAME>), check if the given user is a member of this group and create a webtop app tunnel based on the security group's name instead of 'assigning' a pre-created item.

I've searched around a few times now but I don't seem to be able to find anything even close to creating app tunnels in an iRule. So any help would be much appreciated.

Thanks in advance for replying!

Edit: Any other tip regarding creating dynamic items in iRules would help, too. Maybe it could lead me in the right direction.

 

1 Reply

Hi Rene,

You can't create APM objects with iRules.

One of your options is to create the app tunnels or remote desktop (RDP) resources upfront. In the server name of the RDP/app tunnel resource, assign a session variable per RDP/app tunnel resource (%{session.rdp.variable1}, %{session.rdp.variable2}).

At the start of your policy, after the AD auth, you could perform an AD query for SG_LOCALADMIN_RDP_ and assign the query results to the session variables (session.rdp.variable1, etc.).

Trim off the SG_LOCALADMIN_RDP_ part of the variable.

The BIG-IP will query DNS for the IP address of the RDP resource and will present it to the user.

Another option would be to write an iApp to create the app tunnels from your AD and run the iApp every hour from cron.

Cheers,

Kees
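One way to implement the "query, trim the prefix, fill the session variables" step described in the reply above, as an added iRule example that is not part of this thread. It assumes an iRule Event agent with the ID set_rdp_targets is placed after the AD Query agent in the access policy, and that APM stores the multi-valued memberOf attribute as a single string with values separated by " | " (both are assumptions, as is the hostname check).

```tcl
# Added example, not from the thread. Assumes an "iRule Event" agent with ID
# set_rdp_targets placed after the AD Query agent in the access policy, and that
# APM stores the multi-valued memberOf attribute as one string separated by " | ".
when ACCESS_POLICY_AGENT_EVENT {
    if { [ACCESS::policy agent_id] ne "set_rdp_targets" } { return }

    set prefix "SG_LOCALADMIN_RDP_"
    # Matches CN=SG_LOCALADMIN_RDP_<SERVERNAME>,... and captures <SERVERNAME>
    set re "^CN=${prefix}(\[^,\]+)"
    set groups [ACCESS::session data get "session.ad.last.attr.memberOf"]

    set idx 1
    foreach dn [split $groups "|"] {
        set dn [string trim $dn]
        if { ![regexp -nocase -- $re $dn match server] } { continue }

        # Only accept a plain hostname before it is used as an RDP target;
        # an unexpected group name should never become a connection string.
        if { ![regexp -- {^[A-Za-z0-9-]{1,63}$} $server] } {
            log local0. "set_rdp_targets: skipping group with unexpected name: $dn"
            continue
        }

        # Fills the placeholder used in the pre-created resource's server name,
        # e.g. %{session.rdp.variable1}
        ACCESS::session data set "session.rdp.variable$idx" $server
        incr idx
    }
    # Lets a later policy branch check how many targets were found
    ACCESS::session data set "session.rdp.count" [expr {$idx - 1}]
}
```

A policy branch on session.rdp.count lets you send users with no matching group to a deny or message box instead of presenting a resource with an empty server name.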