Forum Discussion

Nimbostratus

Oct 12, 2017

Use session.ldap.last.attr.userPrincipalName in an iRule

Hello, In an iRule, I want to compare the userPrincipalName fetched from LDAP with the DN of an SSL certificate. I have successfully extracted the email address from the certificate in a va...

Cumulonimbus

Oct 12, 2017

Hi,

are you sure the userPrincipalName is fetched by the LDAP query?

I recommend to do this check with variable assign instead of irule.

session.custom.result ==

expr {[mcget {session.ldap.last.attr.userPrincipalName}] == [mcget {session.cert.UPN}]}

this will return 1 if same value, 0 if different.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Use session.ldap.last.attr.userPrincipalName in an iRule

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

F5 BIG IP laboratory license

F5 mssql health monitor failing

How can I get started with iCall

Connection Rest f5

Related Content

iRules Style Guide

Managing Model Context Protocol in iRules - Part 3

Managing Model Context Protocol in iRules - Part 1

Re: F5 HTTPS Redirect iRule Update

Hey DeepSeek, can you write iRules?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS