Forum Discussion
Kai_Wilke
Jan 22, 2016 MVP
Hi SysTopher,
Did a quick test in my lab using Wireshark, LDAP Admin and some existing hex replacement iRules.
Here are my results...
- It seems to be possible to make a simple routing decision on the initial LDAP bind using a well-known username suffix/prefix pattern. It's plain ASCII...
- It seems to be possible to simply hex replace the Base-DN. But just as long as the input and output Base-DN name would have the same length.
- It seems to be possible to pad as many SPACE characters as needed into the Base-DN translation to maintain the same Base-DN length. (e.g. App using "DC=itacs,DC=net" and F5 translating to "DC=itacs, DC=de")
- It seems to be possible to hex translate just the initial Base-DN search. Well, at least my LDAP client didn't complain that the Base-DN has entirely changed for the retrieved results. It has even followed the provided referrals to the original Base-DN.
It shouldn't be that complicated to wrap my test snippets into a PoC iRule for further testing. Give me a few days... it's the weekend now.. 😉
Cheers, Kai
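
Added example (not part of the post above, and not the iRule it mentions): LDAP messages are BER-encoded, so every element carries a length prefix that an in-place byte replacement does not update. This Python sketch builds a constructed SearchRequest and shows that the space-padded Base-DN from the post keeps those lengths valid while an unpadded, shorter one does not. All function names are hypothetical, and padding after the first comma follows the post's observation rather than any server guarantee.

```python
# Added illustration: the sample message and all function names are constructed.
def ber_len(n):
    """BER definite-length encoding (short or long form)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value

def search_request(base_dn, msg_id=2):
    """Minimal LDAPv3 SearchRequest (RFC 4511) with filter (objectClass=*)."""
    body = (tlv(0x04, base_dn.encode())   # baseObject
            + tlv(0x0A, b"\x02")          # scope: wholeSubtree
            + tlv(0x0A, b"\x00")          # derefAliases: never
            + tlv(0x02, b"\x00")          # sizeLimit: 0
            + tlv(0x02, b"\x00")          # timeLimit: 0
            + tlv(0x01, b"\x00")          # typesOnly: FALSE
            + tlv(0x87, b"objectClass")   # filter: present
            + tlv(0x30, b""))             # attributes: empty list
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x63, body))

def pad_dn(src, dst):
    """Insert spaces after the first RDN separator so dst is as long as src."""
    gap = len(src) - len(dst)
    if gap < 0:
        raise ValueError("replacement Base-DN is longer than the original")
    head, sep, tail = dst.partition(",")
    if gap and not sep:
        raise ValueError("no RDN separator to pad after")
    return head + sep + " " * gap + tail

def translate(msg, src, dst, pad=True):
    """Byte-for-byte Base-DN replacement, as a hex-replace rule would do it."""
    new = pad_dn(src, dst) if pad else dst
    return msg.replace(src.encode(), new.encode())

def lengths_consistent(msg):
    """True if the outer LDAPMessage length field matches the bytes present."""
    first = msg[1]
    if first < 0x80:
        length, start = first, 2
    else:
        n = first & 0x7F
        length, start = int.from_bytes(msg[2:2 + n], "big"), 2 + n
    return msg[0] == 0x30 and start + length == len(msg)
```
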