Forum Discussion

Warren_129981
Nov 20, 2013

APM directing user flow based on LDAP query

Morning,

What is the best way to address the following situation: APM VPE is a basic setup:

    Logon Page -> LDAP Query -> LDAP Auth -> SSO Cred Mapping -> Allow

Complicated part comes with the LDAP Query branch rules. Aside from the state checks that I need to make, there is a variable I fetch that can have 3 states (0, 1, 2). Each of these states will have unique branches to direct the user to different locations. How do I tell APM to do this?

    Logon Page -> LDAP Query -> state=0 -> Not authorized -> back to front door (end point?)
                             -> state=1 -> Undetermined state -> go to a specific location on a backend server
                             -> state=2 -> Authorized -> go to default location (LTM default pool picks this up?) -> Allow

I thought it was done with adding a "Pool Assign", but then I don't see a way to specify a specific location on the destination's web server to go to (i.e. http://webserver/a/b/c.html). Not clearly understanding which fires first, I have been thinking that maybe I should be using APM Policies or iRules to trigger the event to go to specific locations as well.

Any advice would be appreciated.

Thanks, -War

4 Replies

  • Hi Warren,

    You can check your LDAP attribute using this:

    expr { [mcget {session.ldap.last.attr.YourVariableName}] == 0 }
    

    To do so, you have to create an LDAP Query box and add as many branch rules as you have different values.

    • Warren_129981
      Thanks Thomas. That is what I was doing and can see the values associated with that variable. I found a solution, rightly or wrongly. I created endpoints that would point to the front of the VS with a specific URI that I wrote a Policy to pick up and direct the traffic. ;) Thanks!
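
An iRule alternative to the redirect endings described in the thread, as an added example that is not part of the original posts. It assumes the access policy ends in Allow for states 1 and 2, reuses the `YourVariableName` placeholder and the `/a/b/c.html` path from the question, and treats a missing or unexpected attribute value the same as state 0.

```tcl
# Added example: route an established APM session by the LDAP attribute
# read in the LDAP Query item. The attribute name and URIs are placeholders
# taken from the thread, not values from a real deployment.
when ACCESS_ACL_ALLOWED {
    # Returns an empty string if the LDAP Query did not return the attribute.
    set state [ACCESS::session data get "session.ldap.last.attr.YourVariableName"]

    switch -exact -- $state {
        "2" {
            # Authorized: leave the request alone; the virtual server's
            # default pool handles it.
        }
        "1" {
            # Undetermined: send requests for the site root to the
            # specific page on the backend.
            if { [HTTP::path] eq "/" } {
                HTTP::redirect "/a/b/c.html"
            }
        }
        default {
            # 0, missing, or any unexpected value: fail closed.
            # Drop the session and send the client back to the front door.
            log local0.notice "APM state '$state' not authorized, session removed"
            ACCESS::session remove
            HTTP::respond 302 Location "/"
        }
    }
}
```

The same fail-closed reasoning applies to the branch rules in the VPE: `mcget` returns an empty string for an absent attribute, so none of the `== 0`, `== 1`, `== 2` expressions match and the session takes the fallback branch, which should lead to a Deny ending.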