Forum Discussion

vaahtera
Nov 05, 2019

HSSR sideband connection for querying LDAP not working

I'm having this issue: I can't get the sideband connection to work. The code is like this:

 

when HTTP_REQUEST {
    set apikey [URI::query [HTTP::uri] api-key]
    log local0. $apikey

    if { $apikey eq "" } {
        log local0. "apikey is empty, redirecting to another virtual"
        virtual test-internal
    } else {
        log local0. "We got the apikey and begin HSSR connection"
        set status [call /Common/HSSR::http_req -virt "/test-internal-api" \
                     -uri "http://test.com/[URI::encode $apikey]" \
                     -tag "custom" -key $apikey -rbody rbody]

        if {($status == 200) && ($rbody ne "NOT_FOUND")} {
            log local0. "HSSR query successful, redirecting traffic to pool"
            pool test-pool
            return
        }
    }
}

 

The test-internal-api virtual is assigned an access policy that has a simple LDAP query and an iRule that gets the reply for the sideband query.

 

Now when the user goes to that virtual where the iRule is assigned, LTM logs the following lines:

 

Nov 5 15:27:59 f5test01 info tmm1[17166]: Rule /Common/APIKEY <HTTP_REQUEST>: 010101-123N

Nov 5 15:27:59 f5test01 info tmm1[17166]: Rule /Common/APIKEY <HTTP_REQUEST>: We got the apikey and begin HSSR connection

Nov 5 15:27:59 f5test01 err tmm1[17166]: 01220001:3: TCL error: /Common/APIKEY <HTTP_REQUEST> - can't read "sts": no such variable   while executing "set e "connect to ${dest} '${server}' fails: ${sts} (${conn})""  (iRule proc "/Common/HSSR::http_req") (line 430)   invoked from within "call /Common/HSSR::http_req -virt "/test-internal-api" -uri "http://test.com/" -tag "custom" -key $apikey -r..."   invoked from within "if { $apikey eq "" } {   log local0. "apikey is empty, redirecting to another virtual"   virtual test-internal..."

 

What is that sts and where should it come from? No matter what I do to the call, the error is the same...

  • OK, got this a bit further. I was missing the /Common before the virtual server in the call. But now, with the other virtual having this iRule code, it never gets to ACCESS_POLICY_COMPLETED:

     

    when HTTP_REQUEST {
        log local0. "Got http request to internal virtual"
        set apikey ""
        if {[HTTP::path] starts_with "/"} {
            # Last path segment is the API key. Decode it only when the
            # pattern matched; otherwise $x is unset and the rule aborts.
            if {[regexp {/([^/]+)$} [HTTP::path] junk x]} {
                set apikey [URI::decode $x]
            }
        }
    }

    when ACCESS_SESSION_STARTED {
        if {$apikey ne ""} {
            log local0. "Access session started on internal virtual"
            # Hand the key to the access policy as a session variable
            ACCESS::session data set session.custom.apikey $apikey
        }
    }

    when ACCESS_POLICY_COMPLETED {
        set reply "NOT_FOUND"
        if {[ACCESS::session data get session.ldap.last.queryresult] == 1} {
            set reply [ACCESS::session data get session.ldap.last.attr.apikey]
        }
        log local0. "Access session policy completed with reply: $reply"
        ACCESS::respond 200 content $reply Content-Type "text/plain" Connection close
    }

    The access policy attached to this internal virtual contains only one LDAP query that ends in deny no matter what the query result is.

     

    What am I missing here?