ldap vip irule

Question

We currently load balance LDAP (tcp-389) to multiple back-end auth systems. We use VLAN Groups so the end points can see the source ip information. We are moving off to a SNAT model but we will need to log several fields in the incoming LDAP connection.&nbsp;
Has anyone done this or is it even possible??&nbsp;

kai_wilke · Answer

Hi Kulastone,&nbsp;
iRules can parse LDAP out of the box. But LDAP request are ASN.1/BER encoded with a plain-text query part. So depending on your detailed logging requirements, you wouldn't need to dig into the ASN.1/BER encoded part and use rather simple [string] commands to retrive the log information directly out of the queries.&nbsp;
If you're able to specify the detailed logging requirements, I could help you to find the right starting point.&nbsp;
Cheers, Kai&nbsp;

chandutns_30963 · Answer

I have the same requirement, I am able to parse till certain fields using ASN1 but the searchRequest - filter is very complex so not able to sort out. Is there a better way to parse the complete filter string?

F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

ldap vip irule

2 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

can't access on prem dns when using F5LTM as a gateway

Issue with TLS Version 1.1 Deprecated Protocol

Service discovery is not happening in AS3

Load balanced RDP VIP use in APM

Deleting an AS3 Tenant

Related Content

LDAPS vip - how to?

LDAP Proxy

VIP in https that redirect to another vip in https

Lightboard Lessons: Vip Targeting Vip

Google Authenticator iRule For Two-Factor Auth With LDAP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS