Quering LDAP AUTH information

What do you mean by side channel? Isn't the same sort of "side channel" created when you use BIGIP's LDAP authentication (which is really just an LDAP bind)? If so, then it should be a snap to support ldap searches (with configurable search filter and return attributes) in addition to ldap binds as the means by which BIGIP determines authentication success or failure...

 

 

For instance (pseudo code):

 

cert auth:

 

set ldapCertSubjectDNAttribute = "certSubjDN"

 

set authuser = (certificate's subject dn gotten during SSL handshake as shown in other iRule samples)

 

set searchFilter = "($ldapCertSubjectDNAttribute=$authuser)"

 

set returnAttributes = uid, usertype, useraccess

 

 

the holy grail:

 

set ldap_results = ldap_search $searchFilter $returnAttributes

 

 

then you could iterate thru ldap results and extract the uid, usertype, and useraccess values