Forum Discussion

AngryCat_52750
Feb 17, 2016

ldap vip irule

We currently load balance LDAP (tcp-389) to multiple back-end auth systems. We use VLAN Groups so the end points can see the source IP information. We are moving off to a SNAT model, but we will need to log several fields in the incoming LDAP connection.

 

Has anyone done this, or is it even possible?

 

2 Replies

  • Hi Kulastone,

     

    iRules can parse LDAP out of the box. But LDAP requests are ASN.1/BER encoded with a plain-text query part. So depending on your detailed logging requirements, you wouldn't need to dig into the ASN.1/BER encoded part and could instead use rather simple [string] commands to retrieve the log information directly out of the queries.

     

    If you're able to specify the detailed logging requirements, I could help you to find the right starting point.

     

    Cheers, Kai

     

  • I have the same requirement. I am able to parse up to certain fields using ASN1, but the searchRequest filter is very complex, so I am not able to sort it out. Is there a better way to parse the complete filter string?
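
An added example, not part of the thread and written in Python rather than iRule Tcl so the logic can be run offline: the searchRequest filter asked about in the last reply is a recursive BER structure (RFC 4511), so one recursive decoder can render it as a single RFC 4515 string for logging. The function names and the sample message are constructed for illustration.

```python
SET_OPS = {0xA0: "&", 0xA1: "|", 0xA2: "!"}  # Filter CHOICE tags, RFC 4511 section 4.5.1
AVA_OPS = {0xA3: "=", 0xA5: ">=", 0xA6: "<=", 0xA8: "~="}

def read_tlv(buf, pos):  # one BER element -> (tag, value, offset of next element)
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length, pos = (int.from_bytes(buf[pos:pos + n], "big") if n else -1), pos + n
    if length < 0 or pos + length > len(buf):  # indefinite length is not allowed in LDAP
        raise ValueError("bad or truncated BER length")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # iterate the elements packed inside a constructed value
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def esc(raw):  # RFC 4515 escaping, widened to all non-printable bytes so a log line stays intact
    return "".join(chr(c) if 0x20 <= c < 0x7F and c not in b"()*\\" else "\\%02x" % c for c in raw)

def filter_to_string(tag, value, depth=0):
    if depth > 32:  # bound recursion on hostile input
        raise ValueError("filter nested too deeply")
    if tag in SET_OPS:  # and / or / not: nested Filter element(s)
        subs = "".join(filter_to_string(t, v, depth + 1) for t, v in children(value))
        return "(" + SET_OPS[tag] + subs + ")"
    if tag in AVA_OPS:  # attribute description + assertion value
        (_, attr), (_, val) = children(value)
        return "(" + esc(attr) + AVA_OPS[tag] + esc(val) + ")"
    if tag == 0x87:  # present
        return "(" + esc(value) + "=*)"
    if tag == 0xA4:  # substrings: type, then SEQUENCE OF initial[0] / any[1] / final[2]
        (_, attr), (_, seq) = children(value)
        pick = lambda want: [esc(v) for t, v in children(seq) if t == want]
        return "(" + esc(attr) + "=" + "*".join(["".join(pick(0x80))] + pick(0x81) + ["".join(pick(0x82))]) + ")"
    return "(?tag=0x%02x)" % tag  # extensibleMatch or unknown tag: log the tag only

def search_filter(message):  # filter string of a searchRequest LDAPMessage, else None
    fields = list(children(read_tlv(message, 0)[1]))  # messageID, protocolOp, [controls]
    if len(fields) < 2 or fields[1][0] != 0x63:  # 0x63 = [APPLICATION 3] searchRequest
        return None
    # baseObject, scope, derefAliases, sizeLimit, timeLimit, typesOnly, filter, attributes
    _, _, _, _, _, _, flt, _ = children(fields[1][1])
    return filter_to_string(*flt)

SAMPLE = (b"\x30\x51\x02\x01\x02\x63\x4c\x04\x11dc=example,dc=com\x0a\x01\x02\x0a\x01\x00"
          b"\x02\x01\x00\x02\x01\x00\x01\x01\x00\xa0\x26\xa3\x15\x04\x0bobjectClass\x04\x06person"
          b"\xa4\x0d\x04\x03uid\x30\x06\x80\x04jdoe\x30\x00")  # constructed sample searchRequest
```

The decoder expects one complete LDAPMessage; a caller reading from a TCP stream has to buffer until the outer length is satisfied before calling it.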