Unbind your LDAP servers with iRules
LDAP is one of the most widely used authentication protocols around today. There are plenty of others, but LDAP is undeniably one of the big ones. It comes as no surprise then that we often hear diff...
Published Oct 09, 2008
Version 1.0
Colin_Walker_12
Historic F5 Account
Joined May 12, 2005
Nat_Thirasuttakorn
Mar 15, 2013
Employee
Hi Neha,
This code seems to do the opposite of what you are looking for. It prevents the UNBIND message from being sent to the server so that it can keep the server connection open for reuse.
If I understand correctly, in your case, you might want to detect an idle client connection in the iRule and try to UNBIND the connection before it is terminated by the server? Please feel free to correct me if I am wrong.
Maybe something like this...
    when CLIENT_ACCEPTED {
        set client_idle_time 0
        # threshold: 80% of the connection idle timeout, in seconds
        set disconnect [expr {[IP::idle_timeout] * 0.8}]
        # tick once per second
        after 1000 -periodic {
            incr client_idle_time
            if { $client_idle_time > $disconnect } {
                # unbind
                TCP::payload replace 0 0 $static::unbind_message
            }
        }
    }
    when CLIENT_DATA {
        # reset idle time when there is data
        set client_idle_time 0
    }
The $static::unbind_message could be created in RULE_INIT.
For example, use something like:

    set static::unbind_message [binary format H* "30050201034200"]
Nat
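
The hex string in the comment above is a BER-encoded LDAPMessage: a SEQUENCE holding messageID 3 and an UnbindRequest (tag 0x42, zero length). The following Python is an added example, not part of the original post or of F5's code; it decodes that header and builds the same message for any messageID, which is useful when checking a packet capture for UNBINDs. The function names are illustrative and the bind request in the comment is a constructed sample.

```python
UNBIND_TAG = 0x42  # [APPLICATION 2], primitive: UnbindRequest (RFC 4511)


def _read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the BER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:            # short form: the octet is the length
        length = first
    else:                       # long form: low 7 bits = number of length octets
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length


def parse_ldap_header(msg):
    """Return (message_id, protocol_op_tag) of one LDAPMessage."""
    tag, body, _ = _read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("LDAPMessage must be a SEQUENCE")
    id_tag, id_val, pos = _read_tlv(body, 0)
    if id_tag != 0x02 or not id_val:
        raise ValueError("messageID must be an INTEGER")
    op_tag, _, _ = _read_tlv(body, pos)
    return int.from_bytes(id_val, "big", signed=True), op_tag


def is_unbind(msg):
    """True if msg is an UnbindRequest, e.g. not for a constructed
    anonymous bind such as 300c020101600702010304008000 (tag 0x60)."""
    return parse_ldap_header(msg)[1] == UNBIND_TAG


def build_unbind(message_id):
    """Encode an UnbindRequest with the given messageID (1..2^31-1)."""
    if not 0 < message_id <= 0x7FFFFFFF:
        raise ValueError("messageID out of range")
    # BER INTEGER is signed: bit_length()//8 + 1 octets keeps the top bit clear.
    id_val = message_id.to_bytes(message_id.bit_length() // 8 + 1, "big")
    body = bytes([0x02, len(id_val)]) + id_val + bytes([UNBIND_TAG, 0x00])
    return bytes([0x30, len(body)]) + body
```

`build_unbind(3).hex()` reproduces the string passed to `binary format H*` above.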