iRule that writes value to Active Directory

Aviv
Cirrus

Hi,

I need to find which users are not using an application I have published through APM.

I want to write the date of a successful authentication to an attribute in Active Directory.

Can I do it with an iRule?

Can someone write an example of an iRule that writes a value to AD, please?

***In AD I will search for that value every day and remove the permission from all users who did not log in for x days.

Thanks,

Aviv

3 REPLIES

Simon_Blakely
F5 Employee

Aviv,

The answer is: it's possible, but really hard.

You would need to create what is called a side-band TCP connection in the iRule to send correctly formatted data to the AD server. If the AD server uses TLS, you would need to handle the encryption (or pass your side-band through a virtual with a server-ssl profile). At the very least, your iRule will be responsible for handling every step of the LDAP protocol to bind, authenticate, and then update the attribute.

It would be easier to do this using iRulesLX, as there is bound to be a NodeJS library to handle the LDAP operation. But iRulesLX is a separate license.

It would be way easier just to log usage data from the iRule to a remote syslog server, and use those logs to make your decision about permissions.

Aviv
Cirrus

Hi Simon,

Thanks for your answer.

I do have a license for iRulesLX. Can you point me to an example?

I don't have any iRulesLX expertise - you would need to start here:

iRulesLX Home