Forum Discussion

Esecurity_26019's avatar
Esecurity_26019
Icon for Nimbostratus rankNimbostratus
May 13, 2016

Querying AD in iRule using Certain attribute to fetch info against that Attribute BIG IP APM

I Have hosted an Application in BIG IP APM using the Web Application Access Management for Local Traffic Virtual Servers. The Log in credentials are the AD credentials.

 

I am already passing the Username entered in the Login Screen using the iRule as :

 

when ACCESS_ACL_ALLOWED { set user [ACCESS::session data get "session.logon.last.username"] HTTP::header insert "X-USERNAME" $user }

 

Through this i am able to pass Username in header.

 

My ques is whether it is possible to query AD and fetch information and diff fields from AD and filter some using username as the serach criteria. Passing Through header is not an issue now, Pls help in fetching info.

 

application delivery
ASM Advanced WAF
LTM
security

2 Replies

  • Michael_Jenkins's avatar
    Michael_Jenkins
    Icon for Cirrostratus rankCirrostratus
    May 13, 2016

    Within your policy in the VPE, are you using authenticating the user to AD after they provide their login credentials? You could add an 

    AD Query
    item there to grab whatever AD properties you need and then access them within the iRule (e.g. session.ad.last.attr.).

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    May 17, 2016

    Hi,

    In AD Query, select required attributes.

    Then, change your irule to:

    when ACCESS_ACL_ALLOWED { 
    HTTP::header insert "X-USERNAME" [ACCESS::session data get "session.logon.last.username"]
    HTTP::header insert "X-sAMAccountName" [ACCESS::session data get "session.ad.last.attr.sAMAccountName"]
    HTTP::header insert "X-otherAttribute" [ACCESS::session data get "session.ad.last.attr.otherAttribute"]
    }