Forum Discussion
Password Reset using LDAP for Active-Sync User
Hello Everyone,
I am new to APM and currently working on an APM setup for MS Exchange. I am using Access Policy Manager for authenticating users to Exchange ActiveSync. Users will authenticate on the F5 APM and will do SSO to the Exchange servers. LDAPS is the protocol used for authentication (due to a customer requirement). Everything works fine until it reaches the point where users want to reset their password (password expired on the DC). Users reset their password, but after the password reset they get the password prompt again and again until the old session in the APM is cleared. When the user changes the password and tries to connect, I can see more than one session for the same user. When I manually clear the old session, the prompt disappears and it automatically connects.
What we identified was that the LDAP protocol is returning an attribute as below, and APM is not able to parse this attribute and clear the old APM session.

session.ldap.last.attr.pwdLastSet == 131128776211015000
session.ldap./Common/MS_Exchange_2013.app/exch_act_ldap_query_ag.attr.pwdLastSet == 131128776211015000

These are created during the LDAP Query action in the Access Policy.
So the only way to fix this problem is by creating an iRule that will determine if the connecting client already has an active session, use the "pwdLastSet" value to see if the user's password has been changed since the start of the currently active Access Policy, and then require the user to redo the Access Policy evaluation for access to Exchange with the new password.
I would appreciate it if you could guide me in constructing an iRule that will meet my requirement; any guidance would be appreciated.
Cheers, Saneesh
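One way to build the iRule the post asks for, written here as an added example rather than code from the original post or from F5: on every successful policy completion it records the session's pwdLastSet in a per-user session subtable, and if an earlier session for the same user was created with a different pwdLastSet (i.e. the password was changed after that session's policy ran) it removes the stale session so its cached credentials can no longer trigger the repeated prompt. It assumes the LDAP Query action runs before the policy's Allow ending so that session.ldap.last.attr.pwdLastSet (the variable name from the post) is populated by ACCESS_POLICY_COMPLETED, that the logon username is in the standard session.logon.last.username variable, and a subtable name and 7-day entry timeout that are arbitrary choices; verify the ACCESS::session remove -sid form against the iRule reference for your TMOS version before deploying.

```tcl
# Added example, not from the original post. Retires stale APM sessions for a
# user once a newer logon shows a different AD pwdLastSet value.
#
# pwdLastSet is a Windows FILETIME (100-ns ticks since 1601-01-01), so it only
# ever moves forward; any difference between two logons means a password change.
when ACCESS_POLICY_COMPLETED {
    # Track only sessions that were actually granted access.
    if { [ACCESS::policy result] ne "allow" } { return }

    # Assumed variable names: standard APM logon username and the LDAP Query
    # attribute quoted in the post.
    set user    [string tolower [ACCESS::session data get "session.logon.last.username"]]
    set pwd_set [ACCESS::session data get "session.ldap.last.attr.pwdLastSet"]
    set sid     [ACCESS::session sid]

    # Nothing to compare against (no LDAP query, anonymous, etc.): do nothing.
    if { $user eq "" || $pwd_set eq "" } { return }

    # One subtable per user: key = APM session id, value = pwdLastSet at logon.
    # Subtable name prefix is an arbitrary choice for this example.
    set sub "apm_pwdlastset:$user"

    foreach old_sid [table keys -subtable $sub] {
        if { $old_sid eq $sid } { continue }
        set old_pwd_set [table lookup -subtable $sub $old_sid]
        if { $old_pwd_set eq "" } {
            # Entry expired between keys and lookup; skip it.
            continue
        }
        if { $old_pwd_set ne $pwd_set } {
            # Password changed since that session's policy ran: drop it so the
            # client is forced through a fresh Access Policy with the new password.
            log local0. "apm-pwdlastset: user=$user old_sid=$old_sid pwdLastSet $old_pwd_set -> $pwd_set, removing stale session"
            ACCESS::session remove -sid $old_sid
            table delete -subtable $sub $old_sid
        }
    }

    # Remember this session. Timeout (seconds) is an arbitrary choice here;
    # set it to at least the configured APM session lifetime.
    table set -subtable $sub $sid $pwd_set 604800
}
```

The comparison is deliberately `ne` rather than `<`, because a value of 0 (the DC's "user must change password at next logon" marker) should also invalidate older sessions, and because the subtable stores the raw string returned by the LDAP Query. Sessions that never reach ACCESS_POLICY_COMPLETED with an allow result are never recorded, so the subtable only grows with successful logons and entries age out on their own.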