For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Moe_Jartin's avatar
Moe_Jartin
Icon for Cirrus rankCirrus
May 26, 2010

LDAP Authentication iRule... HELP

I am trying to write an iRule for an LDAP authentication profile. The irule will take the value of a cookie from every request and use it as the username AND password for which it will then validate ...
application delivery
dev
devops
iRules
Moe_Jartin's avatar
Moe_Jartin
Icon for Cirrus rankCirrus
May 28, 2010
Aaron,

 

 

Wow!!???!! Responding to Devcentral Forums at 1 AM?? I really appreciate it. It looks like your changes to the irule are working perfectly but, I have a couple of questions to complete my testing and validation.

 

 

1. I get a 401 response when either the LDSDEVKEY header is missing or not valid. Perfect.

 

2. I do not see any requests to the LDAP server on subsequent request. Unfortunately I didn't capture the intital request so I didn't see ANY queries. But when I put the old irule on I see LDAP queries on every request. So it appears that it is using the local session table. Is there a way to view the session table? A bigpipe shell command? I tried "b conn all show" but it was not there.

 

3. In the line where you add the session, "session add uie $ldsdevkey 1 1800", from the irule wiki, 1800 is the time in seconds that the session will remain in the table. Is this an absolute timer or an idle timer?

 

 

I will continue testing and post the final results. Thanks again for all your help.

 

 

Joe