Loadbalancing based on group membership

Question

Hi,&nbsp;
&nbsp;I have a customer who wants to LB based on group membership.
&nbsp;Using sample in http://devcentral.f5.com/wiki/default.aspx/iRules/AUTH__response_data.html, I have created my rule, but it has been failing...
&nbsp;From tcpdump and log file, it seems like the authentication itself is success and group membership is sent to Big-IP, but somehow not working.&nbsp;
&nbsp;When RULE_INIT {
&nbsp;set tmm_auth_subscription "*"
&nbsp;}
&nbsp;when AUTH_RESULT {
&nbsp;log local0. "result is [AUTH::status]"
&nbsp;array set auth_response_data [AUTH::response_data]
&nbsp;set ldap_group [lindex [array get auth_response_data ldap:attr:isMemberOf] 1]
&nbsp;if { $ldap_group eq "CN=Sales,DC=rose,DC=lab" } {
&nbsp;log local0. "hit 197"
&nbsp;use pool iis197
&nbsp;} elseif { $ldap_group eq "CN=Tech,DC=rose,DC=lab" } {
&nbsp;log local0. "hit 240"
&nbsp;use pool iis240
&nbsp;}
&nbsp;}&nbsp;
&nbsp;Has anyone done this successfully?
&nbsp;If so, could you provide working example?&nbsp;
&nbsp;TIA,&nbsp;&nbsp;

dogg_dogg_23774 · Answer

I have been able to get this to work. 
&nbsp;so never mind.&nbsp;
&nbsp;Thanks.

Forum Discussion

Loadbalancing based on group membership

Recent Discussions

NetScaler to F5 Migration

LTM Rule, iRule, or Brute Force Configuration to Limit URL Access

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

AS3 Limitations

Related Content

Demystifying Time-based OTP

Cookie-based DDoS protection

Loadbalancing issue

Find GSLB pool membership from vip IP

JA4 Part 2: Detecting and Mitigating Based on Dynamic JA4 Reputation

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS