For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Seclab_Supporto's avatar
Seclab_Supporto
Icon for Nimbostratus rankNimbostratus
Jun 28, 2010

Intercept LDAP password expired

Hi all, I perform LDAP authentication with a custom iRule. I need to intercept when LDAP password has expired.... and then perform a redirect to an application to reset the password. Someone can hel...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Jul 05, 2010
As Hamish suggested, it would be good to open a support case to find out what kind of method F5 would recommend.

 

 

Hard coding the expire time in an iRule might work if you check if the current time minus the last change time is less than the expiry time. But that would break if the password expiry time was changed on the LDAP server.

 

 

I did notice that the attribute Rule ldap:attr:adminCount = 1 is present in the unexpired request and not present in the expired request. If that's always the case, you might be able to use that to detect an expired password.

 

 

Aaron