Ldap query from ltm

Do I need the same irule that you've had previously suggested (that one that you've suggestd for an external LTM) or something more simple?

First, if you're doing APM on the load balancing appliance, the configuration is actually much simpler than I've described, and probably won't require much iRule code at all. Your APM access (visual) policy should, more or less, look like the following:

start - iRule event - LDAP Query - Allow

Where the iRule event is used to the extract any values necessary from the client request, the LDAP query (with an attached LDAP AAA) performs an LDAP query with the values provided, and then you either allow the traffic based on the success or failure of the LDAP query, or add additional conditions to the policy. The only iRule code you may need will be in pulling the necessary value(s) from the client request.

How can I test (locally on the APM/LTM, before starting to work with the irule) if the query will work as desired?

The easiest way to troubleshoot an APM access is to drop message boxes in the visual policy at different stages so that you can see where it's going, and potentially see session variables at different points. Add a message box where you want to see the path taken (ex. before and after the LDAP query). To see any session variables that may have been created, use the %{} syntax in the message box text fields. Exampele:

%{session.ldap.last.attr.userPrincipalName}