Forum Discussion

frank_30469
May 13, 2011

ldap authentication




I have a problem with an iRule for ldap authentication.


All related info is asked and returned from the ldap, but sometimes, not all information is forwarded to the backend webserver.


Does anyone have any information about how to troubleshoot this? Or an update to the iRule?



This is the iRule:



when RULE_INIT {
set tmm_auth_subscription "*"

AUTH::subscribe $tmm_auth_sid
set Auth [b64decode [substr "[HTTP::header values Authorization]" 7 "\}"]]
set User [getfield $Auth ":" 1]
log local0. "User $User"
set Pass [getfield $Auth ":" 2]
log local0. "Pass $Pass"
set Email [getfield $Auth ":" 3]
log local0. "Email $Email"
set Code [getfield $Auth ":" 4]
log local0. "Code $Code"
set CityName [getfield $Auth ":" 5]
log local0. "ProxyCityName $CityName"
set StreetName [getfield $Auth ":" 6]
log local0. "StreetName $StreetName"
set Name [getfield $Auth ":" 7]
log local0. "Name $Name"

set mystatus [AUTH::status]
log local0. "mystatus"
log local0. $mystatus
array set auth_response_data [AUTH::response_data]
log local0. "AUTH::reponse_data"
set arraydata [lindex [array get auth_response_data ldap:attr:sAMAccountName] 1]
log local0. $arraydata
set arraydata2 [lindex [array get auth_response_data ldap:attr:st] 1]
log local0. $arraydata2
set arraydata3 [lindex [array get auth_response_data ldap:attr:mail] 1]
log local0. $arraydata3
set arraydata4 [lindex [array get auth_response_data ldap:attr:postOfficeBox] 1]
log local0. $arraydata4
set arraydata5 [lindex [array get auth_response_data ldap:attr:l] 1]
log local0. $arraydata5
set arraydata6 [lindex [array get auth_response_data ldap:attr:streetAddress] 1]
log local0. $arraydata6
set arraydata7 [lindex [array get auth_response_data ldap:attr:name] 1]
log local0. $arraydata7
log local0. "arraydata"
log local0. $arraydata
set sizearray [array size arraydata]
log local0. "arraysize"
log local0. $sizearray
if { $mystatus eq 0 } {
    HTTP::header insert X-USERID $arraydata
    HTTP::header insert X-USERGROUP $arraydata2
    HTTP::header insert X-EMAIL $arraydata3
    HTTP::header insert X-CODE $arraydata4
    HTTP::header insert X-CITYNAME $arraydata5
    HTTP::header insert X-STREETNAME $arraydata6
    HTTP::header insert X-NAME $arraydata7
    log local0. "passed if string"
}



2 Replies

  • Hi Frank,



    What do you see logged to /var/log/ltm when the issue occurs? Which LTM version are you using the iRule on?



  • Aaron,



    we are using version 10.2.



    In the ltm log file, when the wrong screen appears, all attributes are cleared, so nothing is forwarded to the backend server.



    Some other thing I noticed yesterday evening, when checking the packet traces between the F5 and the LDAP server, I noticed that when the wrong screen appeared, the F5 is not sending a SearchRequest to the LDAP server. I'm currently in contact with F5 support to see if that may be the problem and how to solve it.
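
A fail-closed variant of the header-insertion step in the original post's iRule, as an added example that is not the poster's code or F5's: it drops client-supplied copies of the identity headers and refuses to forward a request when authentication succeeded but any LDAP attribute came back empty, the condition described in the last reply. The `hdr_map` array and the 503 response with its text are assumptions; the header and attribute names are taken from the post, and starting the auth session and holding or releasing the request stay as in the existing rule.

```tcl
# Added example, not the poster's iRule. Assumption: the auth session is
# started in the existing HTTP_REQUEST handler, which is not repeated here.
when HTTP_REQUEST {
    # Identity headers must originate from this rule only: drop any copy the
    # client sent so a request without LDAP data cannot carry its own values.
    foreach hdr {X-USERID X-USERGROUP X-EMAIL X-CODE X-CITYNAME X-STREETNAME X-NAME} {
        HTTP::header remove $hdr
    }
}

when AUTH_RESULT {
    if { [AUTH::status] != 0 } {
        HTTP::respond 401 WWW-Authenticate "Basic realm=\"\""
        return
    }
    # hdr_map (hypothetical name): backend header -> LDAP attribute.
    array set hdr_map {
        X-USERID     ldap:attr:sAMAccountName
        X-USERGROUP  ldap:attr:st
        X-EMAIL      ldap:attr:mail
        X-CODE       ldap:attr:postOfficeBox
        X-CITYNAME   ldap:attr:l
        X-STREETNAME ldap:attr:streetAddress
        X-NAME       ldap:attr:name
    }
    array set auth_response_data [AUTH::response_data]

    # Collect the attributes that are absent or empty in the LDAP response.
    set missing {}
    foreach hdr [array names hdr_map] {
        set attr $hdr_map($hdr)
        if { ![info exists auth_response_data($attr)] || $auth_response_data($attr) eq "" } {
            lappend missing $attr
        }
    }
    if { [llength $missing] > 0 } {
        # Log attribute names only, never credential or attribute values.
        log local0. "LDAP auth ok but attributes missing: $missing"
        HTTP::respond 503 content "Directory lookup incomplete"
        return
    }
    # All attributes present: pass them to the backend.
    foreach hdr [array names hdr_map] {
        set attr $hdr_map($hdr)
        HTTP::header insert $hdr $auth_response_data($attr)
    }
}
```

The "attributes missing" log line in /var/log/ltm marks exactly the requests where the backend would otherwise have received no identity headers.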