Forum Discussion
Tom_Anderson_91
Nimbostratus
NimbostratusLDAP authentication with specific attribute
We have a situation where we need to do URL authentication based on the makeup of a URL. For example, a URL containing the string "a-" should be accessible to staff only, and a URL containing the stri...
Tom_Anderson_91Nimbostratus
NimbostratusAaron - this is one of my colleagues! That was posted back when we were trying to nut out how to differentiate the authentication based on the URL. We have that part working now (using iRules and two authentication profiles) and it has been reliable in production for us for some months.
What we need to do now is change the authentication profile side of it. Currently it looks at OU's to determine if people are staff or student. Now that we're using single signon it needs to look at a specific value on a specific attribute in LDAP to determine if they have staff and/or student level access.
Example - Joe Bloggs is a staff member. His LDAP profile contains the attribute 'staff=1'. He needs to be able to authenticate to URLs with a- and b-. On the other hand, Mary Jones is a student and has the attribute 'student=1' and 'staff=0' - she needs to authenticate to b- URLs but not a-. Making this part of it happen is what I'm struggling with.
