Forum Discussion
F5 iRule for App/URL access with LDAP query
I am trying to write an iRule for HTTP/URL access with an LDAP query. For example, User A gets access to Application/URL A, User B gets access to Application/URL B, User C gets access to Application/URL A + B, and User A would get access to Application B but he gets access just to App/URL A (redirect). Before the user gets access, the LDAP user credentials should be checked, but the user shouldn't get an access mask or portal; it should check the LDAP user credentials from the local user at the machine. What is the best way to realise this? I need examples for a solution, please. Maybe someone has done this before. Just to explain, I want to check that the user who has access on a machine is in a specific LDAP group and gets access just to specific applications or URLs. The iRule must define the user group which gets access to an App/URL, and the URL or application address as well, to compare with the LDAP and the client. I have no idea how I can do this.
5 Replies
- What_Lies_Bene1
Cirrostratus
Apologies but could you reword your requirements, perhaps break them down a bit more please? Right now I'm struggling to understand them.
- Manuel_57458
Nimbostratus
Posted By What Lies Beneath on 11/13/2012 11:26 AM
Apologies but could you reword your requirements, perhaps break them down a bit more please? Right now I'm struggling to understand them.
Okay, we have 5 intranet servers with intranet websites and some web applications on these servers. The first step is just to load balance these servers. Then the web applications or URLs (behind the URLs are webapps or executables) should be reachable only by users in a particular LDAP user group. For example, user A (john doe, pw:***) is in the LDAP user group webshop, and user A should reach just the URL with the webshop behind it, because the user is in the LDAP user group webshop. Other users from a user group like logistics shouldn't reach the webshop URL. One nice-to-have: some webapps need login data (username, password) from the user. Is it possible to read the login data from the user's machine and after that do something like SSO (single sign-on)? But the important thing in this topic is to check whether the user is in this LDAP user group, so that only users in this group get access to a particular webapp or URL. I hope you understand what I want to implement.
- What_Lies_Bene1
Cirrostratus
OK, understood now =]
I don't see any reason why this shouldn't be possible if you're running v11 LTM. You can use an LDAP profile and configuration to retrieve the data and an iRule to direct the traffic as appropriate. Unfortunately I don't have the experience to provide a low level configuration for you as well. Hopefully another member (Say, Kevin Stewart) can jump in and provide some further detail.
- Manuel_57458
Nimbostratus
Posted By What Lies Beneath on 11/14/2012 05:20 AM
OK, understood now =]
I don't see any reason why this shouldn't be possible if you're running v11 LTM. You can use an LDAP profile and configuration to retrieve the data and an iRule to direct the traffic as appropriate. Unfortunately I don't have the experience to provide a low level configuration for you as well. Hopefully another member (Say, Kevin Stewart) can jump in and provide some further detail.
OKAY, that sounds nice, but how can I activate these guys to help me here? Could you tell these guys my question? I think you know all these guys ;)
THX.
- What_Lies_Bene1
Cirrostratus
Your best bet to get Kevin's attention (seeing as he doesn't appear to have spotted this) is to pose your question again but in the Security forum.