Kevin_Stewart
May 22, 2014
Employee
I would concur on the point that anything you do in iRules is going to be more than you expected. LDAP is a binary protocol, so to be able to see inside an LDAP packet that you're proxying, you have to do some binary manipulation - not fun. Also take a look at this "LDAP proxy" iRule. At the very least it'll give you a sense of the complexity.
https://devcentral.f5.com/wiki/iRules.LDAPProxy.ashx
Of course, depending on your environment, you could potentially offload that LDAP auth to the F5 via the APM module, which would give you much greater visibility into the LDAP process itself.