Load Balance Decision Based on AD group or ID

Question

Cisco Finess is new application to be load balanced in our environment. &nbsp;
They would like for us to LB to Server A or Server B based on AD Groups or User ID. &nbsp;
We looked at APM for a minute but the Business Side doens't want the users to have to login to the APM. Bascially a second login&nbsp;
So the Cisco Finess team is requesting we see if we have the F5 do a LDAP Query for this informantion. &nbsp;
To be honest I am little lost on this. In some of the forums, I see some Irules for Side band and others for ldap query.&nbsp;
We are running 13.1 &nbsp;

andy_mcgrath · Answer

First APM has Single Sign-On (SSO) features so a user could login through APM and then could automatically be signed into the backend application.&nbsp;
This would allow you to authenticate and query LDAP within the APM profile and then a simple iRule to select the correct Pool or Node to forward traffic too.&nbsp;

If you do not want to use APM then SIDEBAND connection or write an iRule LX solution.&nbsp;
Checkout LDAP Query From An iRule and/or Use APM With Non-HTTP Services for some help on doing the LDAP look up from within an iRule using Sideband.&nbsp;
From within an iRule LX you will simply need an LDAP query module like NPM simple-ldap-search&nbsp;

Forum Discussion

Load Balance Decision Based on AD group or ID

Recent Discussions

BIG IP LTM - Multiple application on single VIP with multiple ports allowed.

How to export a list of paired external service providers from APM?

Service discovery is not happening in AS3

Statistics ›› Analytics : HTTP : Overview

VS FORWARDING & ROUTE

Related Content

Identity-Aware decisions with JA4+

Load balancing method specific decision

Active/Active load balancing examples with F5 BIG-IP and Azure load balancer

Decision box design using js

Load Balancing TCP TLS Encrypted Syslog Messages

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS