rqmang_178521
Feb 06, 2015Nimbostratus
set ldap authentication attributes or LTM virtual server authentication profiles attribute in irules
Is there a way in irules to set either one of the following based on the http request path;
- the valid group attribute in the LDAP authentication configuration;
- the configuration attribute in the LDAP authentication profile;
- the authentication profiles attribute in the virtual server LTM.
We are doing a client certificate authentication using LDAP and we want to check the client's group membership based on the http request path. For example, uri /web/app1, clients with valid certificates are members of the group userapp1; uri /web/app2, clients with valid certificates are members of the group userapp2. We simply do not want to allow clients in the group userapp1 to uri /web/app2, and vice versa.
Not sure if this can be done with irules or what would be a good alternative. Thanks,