iRule with AD

Question

Hi.&nbsp;
I'm new to iRule.&nbsp;
Actually, We have a Active Directory pool with BIG-IP LTM. I wanted to ask if is possible to create a iRule that log all for a given user.&nbsp;
For example, We want to log for "abcd" user each time is authenticated in a server. It's possible??&nbsp;
Thanks.&nbsp;

nitass · Answer

prior to 11.5.0, you have to decode ASN.1 and parse ldap message yourself.&nbsp;
LDAP Proxy&nbsp;
https://devcentral.f5.com/wiki/iRules.LDAPProxy.ashx&nbsp;
beginning in 11.5.0, there is ASN1:: command available. anyway, you still have to parse ldap message yourself.&nbsp;
ASN1&nbsp;
https://devcentral.f5.com/wiki/iRules.ASN1.ashx&nbsp;

kevin_stewart · Answer

So you're actually load balancing AD servers? Which ports (389, 636, 445, 88, 53)? Parsing LDAP is not a trivial thing, with or without an ASN.1 decoder. Perhaps there's an easier way. Can you elaborate on how you have this configured?

Forum Discussion

iRule with AD

2 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

UCS Encryption Question

Unblock Request WAF

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

VIP in https that redirect to another vip in https

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

iRules Style Guide

Yubikey Authentication Modes and Azure AD integration via the APM

adding pool members in cli

Multiple AD Authentication

Adding Security HTTP Headers with an iRule for HSTS, XSS, Clickjacking and Content Web Protection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS