Logging frontended LDAP with SNAT

Question

Our organization frontends LDAP/LDAPS using F5 virtual servers with our DC's as nodes. We have implemented SNAT to resolve asymmetric routing to our DC's. We use an iRule to forward connection details for these VS's using HSL to a SIEM/syslog appliance. The current iRule solves a classic problem created by the SNAT--that of logging source IP addresses, which would be otherwise lost if we weren't logging from F5. Enough background--here's my question:&nbsp;
Has anyone been able to grab other details about the LDAP authentication session such as the user account? Is there a native way to extract this data through an iRule, or some other means such as reading the packet information?&nbsp;
Thanks.&nbsp;

nolipineda · Answer

https://devcentral.f5.com/wiki/iRules.LDAP_Stats_Measuring.ashx&nbsp;

krisdames_52343 · Answer

I too am looking for a solution for this same issue. I have recently become aware of the ASN1 set of commands and I believe they are the answer. Please let me know if anyone has solved this. I'll post my solution if/when I finish it.&nbsp;
https://devcentral.f5.com/wiki/iRules.ASN1.ashx&nbsp;
https://devcentral.f5.com/articles/ber-and-der-why-encoding-and-decoding-matter&nbsp;

Forum Discussion

Logging frontended LDAP with SNAT

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

LDAP Proxy

LDAPS vip - how to?

Need iRule for logging all LDAPS requests to HSL Splunk

LDAP Auth, LDAP Query with UPN fails

Logging DNS Requests

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS