Ldap Authentication failure redirects

I'm working on setting up LDAP authentication using _sys_auth_ldap irule. I've got this working fine but I have run into a couple of issues. The first is I want to redirect users to a failed login page after the third attempt. I have figured out how to redirect after the first attempt but I'm not sure of how to keep track of the failed attempts. I'm thinking of using the "session add" command but any pointers on how to do this would be greatly appreciated or if there is a better way.

 

 

Another issue I have run into is that if the user doesn't enter a password and fails three times they are given a blank page no error code or any kind of response. I see this same behavior when the user presses the cancel button on the authentication popup. Is there a way around this behavior?

 

 

My last issue that I'm seeing so far is the _sys_auth_ldap rule throws a TCL error everytime it is run. The error is below.

 

 

Jul 18 19:07:24 tmm tmm[30887]: 01220001:3: TCL error: Rule _sys_auth_ldap - while executing "AUTH::username_credential $tmm_auth_ldap_sid [HTTP::username]"

 

 

 

Thanks,

 

Jason

 

Version BIG-IP 9.1.1 Build 54.6