For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

SysTopher's avatar
SysTopher
Icon for Nimbostratus rankNimbostratus
Jan 20, 2016

F5 LTM virtual server with dual LDAP sources using LDAP Proxy iRule

Hey everyone,   I'm looking to setup an LDAP virtual servers, but I need it to be able to check against two different domain LDAP sources. We have two domains and users who need to access an app...
application delivery
iRules
LTM
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Jan 21, 2016

Hi SysThopher,

 

since nobody has answered yet, I'll take my luck and try to help out... ;-)

 

The LDAP Proxy iRule is very advanced and developed for a very specific purpose. I guess it would require some pretty good LDAP protocol knowledge (or enought time to study all the required opcodes) to change this rule with success.

 

To estimate the required effort, you may answer a few simple questions...

 

  1. Is your LDAP application using a "simple" LDAP bind? (you may ask the vendor or use wireshark)
  2. Are your users providing a NT-DOMAIN or UPN notation or any other prefix or suffix that can be mapped to a given LDAP instance? Note: It would be already enough, if just one of your LDAPs uses a fixed convention...
  3. Are you using the LDAP just for a pure bind authentication, or do you need to read/write access to it?
  4. Are your application require LDAP or LDAPS access?

Cheers, Kai