For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

maurox_59221's avatar
maurox_59221
Icon for Nimbostratus rankNimbostratus
Oct 22, 2013

Ldap query from ltm

Hi all, I'm searching an irule that would direct all the authenticated users (that belong to a specific group defined on the ldap profile/object) to a specific pool. All the others users (that aren't...
application delivery
devops
iRules
maurox_59221's avatar
maurox_59221
Icon for Nimbostratus rankNimbostratus
Nov 27, 2013

Hi Kevin,

I've already tested t the ACCESS::disable command, but something on the logic seemed wrong.

This irule where inserted above the irule with the regex (2 irule on this VIP):

when HTTP_REQUEST {
  if {!([HTTP::uri] contains "User")}{
  log local0. "we are here"
  ACCESS::disable
  pool pool-activesync
  }
}

I've also tried without the pool but nothing has changed:

when HTTP_REQUEST {
  if {!([HTTP::uri] contains "User")}{
  log local0. "we are here"
  ACCESS::disable
  }
}

This request is something unique for the first request. The device call the activeserversync server (without passing the user), the server asks for the credentials and the device send them on the URI (at least the User info that we need for the regex on the 2nd irule )

Thank for you help,

Mauro