ldap vip irule

Question

We currently load balance LDAP (tcp-389) to multiple back-end auth systems. We use VLAN Groups so the end points can see the source ip information. We are moving off to a SNAT model but we will need to log several fields in the incoming LDAP connection.&nbsp;
Has anyone done this or is it even possible??&nbsp;

kai_wilke · Answer

Hi Kulastone,&nbsp;
iRules can parse LDAP out of the box. But LDAP request are ASN.1/BER encoded with a plain-text query part. So depending on your detailed logging requirements, you wouldn't need to dig into the ASN.1/BER encoded part and use rather simple [string] commands to retrive the log information directly out of the queries.&nbsp;
If you're able to specify the detailed logging requirements, I could help you to find the right starting point.&nbsp;
Cheers, Kai&nbsp;

chandutns_30963 · Answer

I have the same requirement, I am able to parse till certain fields using ASN1 but the searchRequest - filter is very complex so not able to sort out. Is there a better way to parse the complete filter string?

Forum Discussion

ldap vip irule

2 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

VIP in https that redirect to another vip in https

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

Unblock Request WAF

F5OS login with admin/root failed via console

TLS handshake failure from BIG-IP to backend – Fatal Alert: Decode Error (Server SSL)

Related Content

LDAPS vip - how to?

LDAP Proxy

Lightboard Lessons: Vip Targeting Vip

Google Authenticator iRule For Two-Factor Auth With LDAP

Unbind your LDAP servers with iRules

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS