Forum Discussion

umiotoko_95283's avatar
Icon for Nimbostratus rankNimbostratus
Jun 05, 2012

Custom variable from LDAP

I have a VIP with APM using LDAP (Windows 2008 AD) for authentication, this much works fine. I need to grab some AD fields through the LDAP call and provide it to the application.



My thought was to use the custom variable feature in APM, create a customVariable.ldap."field-name" variable, then through an iRule, create a HTTP header "X-Application-"Field-name" and pass it on to the application.



My APM rule has a logon page, LDAP Auth, assign variable, then Allow.



I tried using Variable Assign (both secure, unsecure)


where customVariable.ldap.department = AAA atribute, agent LDAP, use KDAP attribute "department" .



This doesn't appear to work, if I check the user session report I see the custom variable, but it's always blank.



I'm not sure this is the best way to get at the data, so any suggestions would be appreciated.


2 Replies

  • OK, figured it out. APM log rule was LogonPage-->LDAPAuth-->Allow.



    The LDAP fields are not brought over unless a LDAPquery is used, so modifying the rule to:



    LogonPage-->LDAPAuth-->LDAPQuery---> Allow.



    Fixed the problem. I didn't need the LDAPquery here, but by inserting it (member of domain users) we get all the LDAP fields back, so it was just a process problem. Doh !