LDAP attribute based LB

Cirrostratus

Sep 28, 2010

Hi Takahiro,

I haven't looked much at the default auth rules in 10.2, but I think the issue might be that tmm_auth_subscription is being set in RULE_INIT. All variables declared in RULE_INIT will be global in scope. Can you change the iRule event from RULE_INIT to CLIENT_ACCEPTED:


when CLIENT_ACCEPTED {
        set tmm_auth_subscription "*"
}

From the /config/bigip_base.conf:

These auth profile default rules can be optionally configured to subscribe

to out-of-band auth response data (obtained via AUTH::response_data).

Subscriptions are enabled by setting the variable tmm_auth_subscription

prior to system auth rule invoking AUTH::start call, e.g.,

when CLIENT_ACCEPTED {

set tmm_auth_subscription "*"

}

It is recommended to set this variable to "*". Although the value of

tmm_auth_subscription is not used at this time, it is anticipated that

it will eventually be passed as a parameter to AUTH::subscribe once

that function supports subscription-matching based on regular expressions.

Aaron

Forum Discussion

LDAP attribute based LB

Recent Discussions

Outlook application issue

Why does WAF block HTTP OPTION method

Rewriting Location Header in iRule

HA Configuration (One in primary and One in DR)

Sending a trusted certificate to server

Related Content

LDAP Query for Attribute

APM Cookbook: Modify LDAP Attribute Values using iRulesLX

Add SameSite attribute to APM Cookies

Lightboard Lessons: HTTP Cookie SameSite Attribute

Demystifying Time-based OTP