Forum Discussion
How do I pass IMAP(s) to APM for NTLM/AD Group Membership authentication?
My internal MS Exchange 2010 CAS and MB platforms are set up to enable IMAP globally to all domain users, and my v11.6 LTM is properly handling all the iApp features to support OWA, ECP, IMAP, ActiveSync, etc. internally as well. Externally, we have an additional iApp that serves public-facing ActiveSync, as well as utilizes the APM functionality to limit OWA and Outlook Web access to specific Active Directory users.
We now have a need to extend that 'limited' external use to IMAP as well, but have not been able to figure out how to configure an iRule that will pass SSL (tcp/993) NTLM-based IMAP user credentials into APM for pre-authentication, prior to allowing connectivity. I have found many examples that use "ACCESS::policy" and "ECA::enable" that I think are just what I need, but everything I have tried requires that I associate an Access Policy directly to the Virtual Server which then requires I associate an HTTP profile, breaking IMAP communications completely.
- Stanislas_Piro2 (Cumulonimbus)
Hi,
The ECA profile challenges the client with the HTTP header
WWW-Authenticate: NTLM
Maybe you can create an HTTP virtual server with NTLM auth enabled... then create an IMAP VS with an iRule creating a sideband connection to the HTTP VS, converting the IMAP NTLM header to an HTTP header, then parse the response to search for HTTP NTLM headers and convert them to IMAP...
Such an interesting challenge.
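The token mapping suggested in the reply above, as an added Python model that is not part of the original thread and is not an iRule: it assumes the IMAP `AUTHENTICATE NTLM` exchange carries the same base64 NTLM messages that HTTP carries in `Authorization` and `WWW-Authenticate` headers. All function names are hypothetical, and the sample tokens are constructed.

```python
import base64
import struct

NTLM_SIG = b"NTLMSSP\x00"

def ntlm_type(token_b64):
    """Return the NTLM message type (1, 2 or 3) of a base64 token, else raise."""
    raw = base64.b64decode(token_b64, validate=True)
    if len(raw) < 12 or not raw.startswith(NTLM_SIG):
        raise ValueError("not an NTLM message")
    (mtype,) = struct.unpack_from("<I", raw, 8)
    if mtype not in (1, 2, 3):
        raise ValueError("unknown NTLM message type")
    return mtype

def imap_to_http(line):
    """Base64 line from the IMAP client -> (header for sideband request, type)."""
    token = line.strip()
    mtype = ntlm_type(token)
    if mtype not in (1, 3):  # a client only sends NEGOTIATE (1) or AUTHENTICATE (3)
        raise ValueError("unexpected NTLM message type from client")
    return "Authorization: NTLM " + token, mtype

def http_to_imap(status, headers, tag, last_client_type):
    """Sideband HTTP response -> line for the IMAP client; anything odd is NO.

    last_client_type: 0 = only 'AUTHENTICATE NTLM' seen so far, else 1 or 3.
    """
    offers = [v.strip() for n, v in headers if n.lower() == "www-authenticate"]
    ntlm = [v for v in offers if v.partition(" ")[0].upper() == "NTLM"]
    if status == 401 and ntlm:
        token = ntlm[0].partition(" ")[2].strip()
        if last_client_type == 0 and not token:
            return "+"                    # empty continuation: client sends NEGOTIATE
        if last_client_type == 1 and token:
            try:
                if ntlm_type(token) == 2:
                    return "+ " + token   # relay the CHALLENGE to the IMAP client
            except ValueError:
                pass                      # malformed token: fall through to NO
    if 200 <= status < 300 and last_client_type == 3:
        return tag + " OK AUTHENTICATE completed"
    return tag + " NO AUTHENTICATE failed"

def constructed_token(mtype):
    """Constructed sample: signature + type + zero padding, not a real message."""
    return base64.b64encode(NTLM_SIG + struct.pack("<I", mtype) + bytes(20)).decode()
```

The translator fails closed: a 2xx from the HTTP side only becomes an IMAP `OK` after the client's AUTHENTICATE message has been relayed, and every unexpected combination maps to `NO`.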