Forum Discussion

Nimbostratus

Feb 06, 2015

set ldap authentication attributes or LTM virtual server authentication profiles attribute in irules

Is there a way in irules to set either one of the following based on the http request path; the valid group attribute in the LDAP authentication configuration; the configuration attribute in t...

application delivery

BIG-IP Access Policy Manager (APM)

Employee

Feb 10, 2015

How are you planning to evaluate the Client Certificate group Memberships in LDAP with LTM? If you are using ACA, I highly recommend that you look at implementing APM, with ACA there is not much life left as far as support goes. https://support.f5.com/kb/en-us/solutions/public/14000/200/sol14263.html

Are you just validating the certificate with OCSP and setting a "group" membership from that? Or do you plan to validate the Client Certificate against OCSP, then validate the users memberships in LDAP?

If you plan to use ACA, you can find some guidance here: https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_configuration_guide_10_0_0/ltm_auth_profiles.html1192487

Since ACA relies heavily on irules, you should be able to modify many of the parameters from there.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)