For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Robert_Decker_2's avatar
Robert_Decker_2
Icon for Nimbostratus rankNimbostratus
Mar 06, 2006

LDAP redirect not working

How do you redirect _sys_auth_ldap? I've tried the following(x.x.x.x is the IP address of the web page I created):     replace HTTP::respond 401 with HTTP::respond "http://x.x.x.x" ...
application delivery
dev
devops
iRules
Robert_Decker_2's avatar
Robert_Decker_2
Icon for Nimbostratus rankNimbostratus
Mar 08, 2006
Thank you for the help Colin! I have been able to use your suggestion, however I am now having problems trying to place it in the Irule. I believe that I need to replace "HTTP::respond 401" with "HTTP::respond 302 Location "http://x.x.x.x", but have not been able to do it successfully. The only place where it fires is when I replace the last "HTTP::respond 401" under "when AUTH_WANTCREDENTIAL". The Irule then redirects right away without prompting for username/password. Could you/anyone tell me where this is best suited?

 

 

 

when AUTH_SUCCESS {

 

if {$tmm_auth_http_sids(ldap) eq [AUTH::last_event_session_id]} {

 

incr tmm_auth_http_successes

 

if {[info exists tmm_auth_http_sufficient_successes]} {

 

if {$tmm_auth_http_successes >=

 

$tmm_auth_http_sufficient_successes} {

 

foreach {type sid} [array get tmm_auth_http_sids] {

 

if {$type ne "ldap" && $sid ne -1} {

 

AUTH::abort $sid

 

array set tmm_auth_http_sids [list $type -1]

 

}

 

}

 

set tmm_auth_http_collect_count 0

 

HTTP::release

 

} else {

 

incr tmm_auth_http_collect_count -1

 

if {$tmm_auth_http_collect_count == 0} {

 

HTTP::respond 401

 

}

 

}

 

} else {

 

incr tmm_auth_http_collect_count -1

 

if {$tmm_auth_http_collect_count == 0} {

 

HTTP::release

 

}

 

}

 

}

 

}

 

 

 

when AUTH_FAILURE {

 

if {$tmm_auth_http_sids(ldap) eq [AUTH::last_event_session_id]} {

 

if {[llength [array names tmm_auth_http_sids]] > 1} {

 

if {[info exists tmm_auth_http_sufficient_successes]} {

 

incr tmm_auth_http_collect_count -1

 

if {$tmm_auth_http_collect_count == 0} {

 

HTTP::respond 401

 

}

 

 

} else {

 

foreach {type sid} [array get tmm_auth_http_sids] {

 

if {$type ne "ldap" && $sid ne -1} {

 

AUTH::abort $sid

 

array set tmm_auth_http_sids [list $type -1]

 

}

 

}

 

set tmm_auth_http_collect_count 0

 

HTTP::respond 401

 

}

 

 

} else {

 

set tmm_auth_http_collect_count 0

 

HTTP::respond 401

 

}

 

}

 

}

 

 

 

when AUTH_WANTCREDENTIAL {

 

if {$tmm_auth_http_sids(ldap) eq [AUTH::last_event_session_id]} {

 

if {[llength [array names tmm_auth_http_sids]] > 1} {

 

if {[info exists tmm_auth_http_sufficient_successes]} {

 

incr tmm_auth_http_collect_count -1

 

if {$tmm_auth_http_collect_count == 0} {

 

HTTP::respond 401

 

}

 

} else {

 

foreach {type sid} [array get tmm_auth_http_sids] {

 

if {$type ne "ldap" && $sid ne -1} {

 

AUTH::abort $sid

 

array set tmm_auth_http_sids [list $type -1]

 

}

 

}

 

set tmm_auth_http_collect_count 0

 

HTTP::respond 401

 

}

 

} else {

 

set tmm_auth_http_collect_count 0

 

HTTP::respond 401

 

}

 

}

 

}

 

 

 

when AUTH_ERROR {

 

if {$tmm_auth_http_sids(ldap) eq [AUTH::last_event_session_id]} {

 

if {[llength [array names tmm_auth_http_sids]] > 1} {

 

if {[info exists tmm_auth_http_sufficient_successes]} {

 

incr tmm_auth_http_collect_count -1

 

if {$tmm_auth_http_collect_count == 0} {

 

HTTP::respond 401

 

}

 

} else {

 

foreach {type sid} [array get tmm_auth_http_sids] {

 

if {$type ne "ldap" && $sid ne -1} {

 

AUTH::abort $sid

 

array set tmm_auth_http_sids [list $type -1]

 

}

 

}

 

set tmm_auth_http_collect_count 0

 

HTTP::respond 401

 

}

 

} else {

 

set tmm_auth_http_collect_count 0

 

HTTP::respond 401

 

}

 

}

 

}

 

 

 

 

Thank you for your help,

 

Rob