kpiti_52215
Apr 04, 2012
Nimbostratus
LDAP profile for non HTTP protocols
I've created an LDAP profile based on _sys_auth_ldap which works perfectly with an HTTP VS (testing purposes only). What I actually want to do is to authenticate POP3 users with their credentials via iRule. The trouble is that when I create a POP3 VS and associate my LDAPauth profile, it wants me to associate an HTTP or FASTHTTP profile as well, which is rather bogus on a POP3 VS. And if I don't add an Auth profile, I can't use it in the iRule.
As it seems, the devil is in the fact that the "generic" stock LDAP profile on which you need to base any LDAP profiles has HTTP built in - /config/profile_base.conf:
ltm auth profile ldap {
    configuration none
    credential-source http-basic-auth
    defaults-from none
    enabled yes
    rule _sys_auth_ldap
    type ldap
}
Now, even if I do associate an HTTP profile to it (which is stupid from the start), when I call AUTH::authenticate from the iRule I always get auth fail, but in reality the LDAP is not even queried, so there is no authentication whatsoever. And I can't modify the LDAP profile's credential-source in the advanced GUI or anything AFAIK. I couldn't find where _sys_auth_ldap is defined either.
I gather poking around profile_base.conf isn't really the way to go, so is there a way to create an LDAP profile which would work on non-HTTP/S protocols? Or alternatively (poking, yes), are there any docs on ltm auth profile configuration? I'm on v11.1 if it matters.
Any help highly appreciated
Jure