Forum Discussion
Sheigh_65772
Here's my irule:
if {[ACCESS::policy agent_id] == "ldapsrchstr"} {
    set lcu_ldapsearch_userCert "(&"
    if { [info exists user_key_apm] and [table lookup -subtable $client_table $user_key_apm] != "" } {
        set lcu_list [split [lindex [table lookup -subtable $client_table $user_key_apm] 2] ","]
        foreach lcu_list_item $lcu_list {
            append lcu_ldapsearch_userCert "(userCertificate=*" $lcu_list_item "*)"
        }
        append lcu_ldapsearch_userCert "(objectClass=user)(objectCategory=person))"
        set lcu_ldapsearch_userCert [string map [list *OU= * *C= * *CN= * *O= *] $lcu_ldapsearch_userCert]
        ACCESS::session data set session.custom.ldapsearchuserCert $lcu_ldapsearch_userCert
        log local0. "trimmed newmethod ldapsrchstr apm session lcu_ldapsearch_userCert [ACCESS::session data get session.custom.ldapsearchuserCert]"
    }
ltm log
May 10 11:19:04 bigip info tmm[19795]: Rule /Common/ldap_cert_use : trimmed newmethod ldapsrchstr apm session lcu_ldapsearch_userCert (&(userCertificate=*cn-value1*)(userCertificate=*ou-value1*)(userCertificate=*ou-value2*)(userCertificate=*ou-value3*)(userCertificate=*o-value1*)(userCertificate=*c-value1*)(objectClass=user)(objectCategory=person))
apm log
May 10 11:19:03 bigip notice tmm3[19796]: 01490544:5: eca9c6fa: Received client info - Type: IE Version: 10 Platform: Win7 CPU: WOW64 UI Mode: Full Javascript Support: 1 ActiveX Support: 1 Plugin Support: 0
May 10 11:19:03 bigip notice tmm3[19796]: 01490500:5: eca9c6fa: New session from client IP {clientip} (ST=/CC=/C=) at VIP {vip} Listener /Common/citrix_iapp.app/citrix_iapp_webui (Reputation=Unknown)
May 10 11:19:08 bigip err apd[13568]: 01490107:3: eca9c6fa: AD module: query with '\28&\28userCertificate=\2acn-value1\2a\29\28userCertificate=\2aou-value1\2a\29\28userCertificate=\2aou-value2\2a\29\28userCertificate=\2aou-value3\2a\29\28userCertificate=\2ao-value1\2a\29\28userCertificate=\2ac-value1\2a\29\28objectClass=user\29\28objectCategory=person\29\29' failed: Bad search filter, base: dc=my,dc=domain,dc=com, scope: 2, filter: \28&\28userCertificate=\2acn-value1\2a\29\28userCertificate=\2aou-value1\2a\29\28userCertificate=\2aou-value2\2a\29\28userCertificate=\2aou-value3\2a\29\28userCertificate=\2ao-value1\2a\29\28userCertificate=\2ac-value1\2a\29\28objectClass=user\29\28objectCategory=person\29\29 (-7)
Sheigh_65772
May 10, 2015
Missed a closing } when I copied the irule over, but it's there.
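
An added example, not part of the posts above: a Python check that the filter in the apd error is the iRule's logged filter with every `(`, `*` and `)` replaced by its RFC 4515 hex escape, which leaves no literal parenthesis for a filter parser to start from. The two sample lines are constructed (shortened from the log entries in the post), and all function names are this example's own.

```python
import re

# Constructed sample lines, shortened from the ltm and apm log entries in the post.
LTM_LINE = ("Rule /Common/ldap_cert_use : trimmed newmethod ldapsrchstr apm session "
            "lcu_ldapsearch_userCert (&(userCertificate=*cn-value1*)"
            "(objectClass=user)(objectCategory=person))")
APD_LINE = (r"AD module: query with '\28&\28userCertificate=\2acn-value1\2a\29"
            r"\28objectClass=user\29\28objectCategory=person\29\29' failed: "
            r"Bad search filter, base: dc=my,dc=domain,dc=com, scope: 2")

HEX_ESCAPE = re.compile(r"\\([0-9a-fA-F]{2})")

def unescape_rfc4515(value):
    """Decode RFC 4515 hex escapes (backslash plus two hex digits)."""
    return HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), value)

def has_filter_structure(text):
    """True if text starts with a literal '(' and its literal parens balance."""
    literal = HEX_ESCAPE.sub("", text)  # escaped bytes are data, not syntax
    if not literal.startswith("("):
        return False
    depth = 0
    for ch in literal:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

def filter_from_ltm(line):
    """Filter as the iRule logged it (text after the variable name)."""
    return line.split("lcu_ldapsearch_userCert ", 1)[1].strip()

def filter_from_apd(line):
    """Filter as the AD module reported it (between the single quotes)."""
    return re.search(r"query with '([^']*)' failed", line).group(1)

def compare(ltm_line, apd_line):
    sent = filter_from_ltm(ltm_line)
    received = filter_from_apd(apd_line)
    return {
        "same_after_unescape": unescape_rfc4515(received) == sent,
        "irule_value_is_filter": has_filter_structure(sent),
        "apd_value_is_filter": has_filter_structure(received),
    }

if __name__ == "__main__":
    print(compare(LTM_LINE, APD_LINE))
```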