set ldap authentication attributes or LTM virtual server authentication profiles attribute in irules

Thanks for the response Michael J. We're in the early stage of implementing the LTM and we were able to fumble through and set-up the client certificate with LDAP authentication. Within the LDAP authentication configuration, we specify a valid group. I'm wondering, if it's all possible with irules, how to change/update the valid group based on the http::request, similar to what we could do with pools. If not, how about the other two attributes I mentioned above. As for the client certificate, it'll be validated against OCSP, then the user group membership in LDAP. We have not explored the APM as of yet and how to accomplish as such. I'm hoping to get some detailed examples/suggestions. Thanks,