Forum Discussion

Nimbostratus

Oct 12, 2017

Use session.ldap.last.attr.userPrincipalName in an iRule

Hello, In an iRule, I want to compare the userPrincipalName fetched from LDAP with the DN of an SSL certificate. I have successfully extracted the email address from the certificate in a va...

Cumulonimbus

Oct 12, 2017

Hi,

are you sure the userPrincipalName is fetched by the LDAP query?

I recommend to do this check with variable assign instead of irule.

session.custom.result ==

expr {[mcget {session.ldap.last.attr.userPrincipalName}] == [mcget {session.cert.UPN}]}

this will return 1 if same value, 0 if different.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Use session.ldap.last.attr.userPrincipalName in an iRule

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

How to configure ssh access by key on F5OS

F5 BIG-IP DNS/Audit Logs — Structured Format for SIEM Ingestion

Bot Defense causing a lot of false positives

Recommendation for Adv. Lab

iRules for recreation: HTTP Protocol Parser implemented using BIG-IP iRule(unfinished)

Related Content

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

JSON-query'ish meta language for iRules

iRules Style Guide

Working with JSON data in iRules - Part 1

Working with JSON data in iRules - Part 2

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS