Fun with ldap

I'm currently facing a problem and it looks liike this irule is most of the way toward what I need. I'm facing an application which performs an ldap modify to create an account, followed by a search to verify the account's existence, and finally another modify to set a password. As this occurs too quickly for our LDAP servers to replicate, we need to persist these connections. Since there's only a small number of client's connecting to this VIP, the result is far from ideal load balancing.

 

 

In order to correct this, I'm hoping to modify this irule to allow for persistence based on the CN extracted from the search or modify packet. I think I can handle most of this, but I'm not familiar with LDAP at such a low level as to be able to pull the CN from these packets. Can anyone help me out or point me in the right direction? With the above (wonderfully commented by the way) as a guide, I just need a little help in parsing out the CN from a SearchRequest or ModifyRequest.