Forum Discussion
Arthur_7109
Nimbostratus
Jul 05, 2010
What is in [AUTH::response_data] with auth_ssl_cc_ldap authentication
Hi,
I have auth_ssl_cc_ldap working. It checks for the existence in the LDAP server of the user based on the CN in the client certificate.
Now I need an irule that checks that a fi...
hoolio
Cirrostratus
Jul 06, 2010
Hi Arthur,
I would have expected AUTH::response_data to return the auth status in 'ccldap:reply:status ' for successful auth attempts. If you're not seeing anything on successful attempts, I'd open a case with F5 Support.
I don't expect you'll be able to get any other detail about the user from LDAP though. The cert validation seems to be hardcoded to check one field when supplied with the full cert. And the auth response only contains details about the auth status--not arbitrary LDAP query results.
It's a shame that you can't do a more arbitrary auth database query (or even queries) and check for more than a binary response. A lot of customers have mentioned similar requests.
Aaron
