F5 iRule for App/URL access with LDAP query

I am trying to write a iRule for Http/URL access with LDAP query for example User A get access to Application/URL A, User B get access to Application/URL B, User C get access to Application/URL A + B and User A would get access to Application B but he get just access to App/URL A (redirect), before the User get the access it shoult be check the LDAP user credentials but the user shouldn't get a access mask or portal, it should check the LDAP user credentials form the local user at the machine. What is the best way to realise this? I need examples for a solution please. Maybe someone has done this before. Just to explain, I wanna check the user which has the access on a machine this user is in a specific ldap group and get just access to specific application or URLs. In the iRule must well-defined the user group which get the access to a App/URL and the URL or Application address as well to compare with the LDAP an the client. I have no idea how can I do this.

 

Okay, we have 5 intranet server with intranet websites and some webapplication on this servers first step is just to load balance this servers. Then the webapplication or URLs (behind URLs are webapps or executables) should just user reach in a particular LDAP user group for example user A (john doe, pw:***) is in the LDAP usergroup webshop and user A should just reach the URL with the webshop behind because the the user is in the LDAP usergroup webshop. Other users from a usergroup like logistics shouldn't reach the webshop URL. One nice to have is some webapps need login data (username, password) from the user is it possible to read the login data from usermachine and after that to do somthing like a SSO (singlesignon) but important thing in this topic is to check, is the user in this LDAP usergroup and just the user in this group get the access to a particular webapp or URL. I hope someone understand what I want to implement and can help me with examples !