AZ_101139
Aug 11, 2009

Setting LDAP operation limit

Hi,

I am looking for an iRule which would allow setting operation limits for a pool of LDAP servers. The limits are to be set per binddn and per operation, i.e. I want to limit, for example, searches by user A to no more than 10 per second while allowing him/her max. 2 mods per second, and at the same time user B should have a limit set to 100 search ops per second, etc.

Note that it is not 'simple' connection limiting. We need to parse and count bind requests coming from the clients and create some structure which counts current (different) operations per bind DN. Imposing a limit should not break the offending connection(s); rather, it should just delay them until the 'queue' has a slot to service them.

I wonder if something like this is doable or might even be already done. I have seen directory proxy software doing this, but as we would have F5 in front of the LDAP pool as well, I wanted to create such functionality here if possible.

Any hints greatly appreciated

Regards

Andrzej
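
The scheme asked for above, modelled in Python as an added example (not part of the original post, and not iRule code): it reads the bind DN and operation type from each LDAP request and returns how long to hold the request so that each (bind DN, operation) pair stays within its rate, without closing the connection. The names `OpThrottle` and `handle`, the limits and the sample PDUs are constructed for illustration, and it assumes every bind is accepted by the server.

```python
from collections import defaultdict

# LDAPv3 protocolOp tags (RFC 4511, BER application tags)
OPS = {0x60: "bind", 0x63: "search", 0x66: "modify", 0x68: "add", 0x4A: "delete"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_request(pdu):
    """Return (operation, bind_dn or None) for one LDAPMessage."""
    tag, msg, _ = read_tlv(pdu, 0)           # LDAPMessage ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(msg, 0)             # messageID
    op_tag, body, _ = read_tlv(msg, pos)     # protocolOp
    op = OPS.get(op_tag, "other")
    if op != "bind":
        return op, None
    _, _, pos = read_tlv(body, 0)            # version
    _, name, _ = read_tlv(body, pos)         # name (LDAPDN)
    return op, name.decode("utf-8").lower()  # simplification: no full DN normalization

class OpThrottle:
    def __init__(self, limits):
        self.limits = limits                 # {(bind_dn, op): ops per second}
        self.next_slot = defaultdict(float)  # earliest free service time per key
    def delay_for(self, dn, op, now):
        """Seconds to hold this request; 0.0 when no limit applies or a slot is free."""
        rate = self.limits.get((dn, op))
        if rate is None:
            return 0.0
        slot = max(now, self.next_slot[(dn, op)])
        self.next_slot[(dn, op)] = slot + 1.0 / rate
        return slot - now

def handle(conn, pdu, throttle, now):
    """conn is per-connection state; remembers the DN from the last bind."""
    op, dn = parse_request(pdu)
    if op == "bind":
        conn["dn"] = dn                      # assumption: the server accepts the bind
        return 0.0
    return throttle.delay_for(conn.get("dn", ""), op, now)

def tlv(tag, val):                           # builder for the constructed sample PDUs
    return bytes([tag, len(val)]) + val
BIND_A = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, tlv(0x02, b"\x03") + tlv(0x04, b"cn=userA") + tlv(0x80, b"pw")))
SEARCH = tlv(0x30, tlv(0x02, b"\x02") + tlv(0x63, b""))   # request body elided
MODIFY = tlv(0x30, tlv(0x02, b"\x03") + tlv(0x66, b""))   # request body elided
```

A proxy would hold each request for the returned delay before forwarding it to the pool, which paces a client instead of dropping it.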