Forum Discussion
Andrés_Ortiz_10
Nimbostratus
NimbostratusLDAP traffic
Hi,
I try to address my LDAP traffic according to it belongs to a IP range or another.
I think that I can do this by this way but
I don't know how to describe and compare range ...
Andrés_Ortiz_10Nimbostratus
Nimbostratusthe request that we send is:
ldapsearch -h 10.237.0.255 -b o=SIU "LOGIN-IP=10.146.248.2" MSISDN
we can not send mask in the request.
this is the irule:
...................................
class LDAP_GroupA {
"network 10.16.13.0/26"
}
class myPoolB{
"network 10.16.13.64/26"
}
...................................
when RULE_INIT {
set ::defaultPool myPool
}
when CLIENT_ACCEPTED {
TCP::collect
}
when CLIENT_DATA {
set LoginIP [findstr [TCP::payload] LOGIN-IP 9 "MSISDN"]
if {$LoginIP != ""}{
if { [matchclass $LoginIP equals $::LDAP_GroupA]}{
pool PoolA
} elseif { [matchclass $LoginIP equals $::LDAP_GroupB]}{
pool PoolA
}
} else {
pool $::defaultPool
}
TCP::release
}
............................................................................
We have tried in a real enviroment a it not works, it result the next error:
............................................................................
Jun 27 11:42:36 tmm tmm[1658]: 01220002:6: Rule LDAP_IRULE : IP Capturada: 10.146.248.200
Jun 27 11:42:36 tmm tmm[1658]: 01220001:3: TCL error: Rule LDAP_IRULE - missing "mask"Invalid class element 10.146.248.20 for class LDAP_GroupA invoked from within "matchclass $LoginIP equals $::LDAP_GroupA"
any idea to resolve this??
thanks in advantage
