Forum Discussion
Luke_Drury_7634
Jun 24, 2009
iRule for LDAP auth based on URL syntax
Hi guys,
I am trying to replace some existing security functionality performed by an Apache reverse proxy with some iRules.
I am not sure if what I want to do is even possible....
Luke_Drury_7634
Jul 14, 2009
Hey Aaron
Thanks for that, much appreciated. :D
We have the module licensed now and have part of our configuration in place; however, we have one small problem.
We need to authenticate against multiple OUs within an LDAP directory.
Clients who try to access a URI with a- can be authenticated off our staff OU, while a URI with b- can be authenticated off the whole directory.
We are having trouble working out how to associate the two different authentication profiles(?) with the one virtual server, or utilising two authentication profiles within the one iRule.
Currently we have it authenticating with the b- using the following iRule, with an authentication profile pointing to the whole LDAP tree.
How do we make it do this with the a- URI and the specific LDAP OU?
    when CLIENT_ACCEPTED {
        # Open an auth session against the default_ldap configuration
        set tmm_auth_ldap_sid [AUTH::start pam default_ldap]
    }
    when HTTP_REQUEST {
        # Only requests whose URI contains "b-" are authenticated
        if {[HTTP::uri] contains "b-"} {
            AUTH::username_credential $tmm_auth_ldap_sid [HTTP::username]
            AUTH::password_credential $tmm_auth_ldap_sid [HTTP::password]
            AUTH::authenticate $tmm_auth_ldap_sid
            # Hold the request until an AUTH_* event fires
            HTTP::collect
        }
    }
    when AUTH_SUCCESS {
        if {$tmm_auth_ldap_sid eq [AUTH::last_event_session_id]} {
            # Credentials accepted: let the held request through
            HTTP::release
        }
    }
    when AUTH_FAILURE {
        if {$tmm_auth_ldap_sid eq [AUTH::last_event_session_id]} {
            HTTP::respond 401
        }
    }
    when AUTH_WANTCREDENTIAL {
        if {$tmm_auth_ldap_sid eq [AUTH::last_event_session_id]} {
            HTTP::respond 401
        }
    }
    when AUTH_ERROR {
        if {$tmm_auth_ldap_sid eq [AUTH::last_event_session_id]} {
            HTTP::respond 401
        }
    }