Unbind your LDAP servers with iRules

LDAP is one of the most widely used authentication protocols around today. There are plenty of others, but LDAP is undeniably one of the big ones. It comes as no surprise then that we often hear diff...
Published Oct 09, 2008
Version 1.0
application delivery
automation
BIG-IP
dev
devops
iRules
management
monitoring
news
tech tip
Nat_Thirasuttakorn's avatar
Nat_Thirasuttakorn
Icon for Employee rankEmployee
Mar 15, 2013
Hi Neha,

 

 

This code seems to do the opposite of what you are looking for. It prevents UNBIND message to be sent to server so that it can keep server connection open for reuse.

 

 

If I understand correctly, in your case, you might want to detect idle client connection in iRule, and try to UNBIND the connection before it is terminated by server? or please feel free to correct me if I am wrong.

 

 

maybe something like this...

 

 


    when CLIENT_ACCEPTED {
        set client_idle_time 0
        set disconnect [expr [IP::idle_timeout] * 0.8]
        after 1000 -periodic {
            incr client_idle_time
            if { $client_idle_time > $disconnect } {
                unbind
                TCP::payload replace 0 0 $static::unbind_message
            }
        }
    }
    when CLIENT_DATA {
         reset idle time when there is data
        set client_idle_time 0
    }

 

 

the $static::unbind_message could be created in RULE_INIT

 

for example, use something like

 

 

set static::unbind_message [binary format H* "30050201034200"]

 

 

 

Nat