cwat_115731
Jul 20, 2017 Nimbostratus
rewrite ldaps request
Hello,
I have to rewrite an LDAPS request with an iRule. My goal is to replace one string with another, here objectClass=person with objectClass=*.
I tried different things, but the LDAP server doesn't understand what I sent to it.
Here is my code. I put the keyword "LDAP" in my log to grep it easily.
Code
```tcl
when RULE_INIT {
    # translate into hex
    binary scan "objectClass=person" H* static::class1
    binary scan "objectClass=*" H* static::class2
}
when CLIENTSSL_HANDSHAKE {
    SSL::collect
}
when CLIENTSSL_DATA {
    binary scan [SSL::payload] H* temp(hex_ssl_payload)
    if { $temp(hex_ssl_payload) contains $static::class1 } then {
        SSL::payload replace 0 $static::class1 $static::class2
    } else {
        log -noname local0.debug "LDAP request NOK"
    }
    SSL::release
}
```
I don't really know if the translation into hex is the right way.
Regards
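
Added example, not part of the original post: on the wire an LDAP search filter is BER-encoded (RFC 4511), so the text `objectClass=person` never appears as one contiguous string, and `(objectClass=person)` and `(objectClass=*)` differ in tag and length. The Python sketch below builds both encodings inside a minimal SearchRequest; the helper names, message ID and base DN are constructed for illustration.

```python
# Added illustration: BER encoding of the two LDAP filters (RFC 4511, section 4.5.1).

def ber_len(n: int) -> bytes:
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes:
    """One tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value

def equality_filter(attr: str, value: str) -> bytes:
    """(attr=value): equalityMatch [3], a constructed pair of OCTET STRINGs."""
    return tlv(0xA3, tlv(0x04, attr.encode()) + tlv(0x04, value.encode()))

def present_filter(attr: str) -> bytes:
    """(attr=*): present [7], a primitive holding only the attribute name."""
    return tlv(0x87, attr.encode())

def search_request(msg_id: int, base: str, flt: bytes) -> bytes:
    """Minimal LDAPMessage carrying a SearchRequest [APPLICATION 3]."""
    body = (tlv(0x04, base.encode())   # baseObject
            + tlv(0x0A, b"\x02")       # scope: wholeSubtree
            + tlv(0x0A, b"\x00")       # derefAliases: neverDerefAliases
            + tlv(0x02, b"\x00")       # sizeLimit: 0
            + tlv(0x02, b"\x00")       # timeLimit: 0
            + tlv(0x01, b"\x00")       # typesOnly: FALSE
            + flt                      # filter
            + tlv(0x30, b""))          # attributes: empty list
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x63, body))

def compare(base: str = "dc=example,dc=com"):  # constructed sample base DN
    """Return the same request encoded with each of the two filters."""
    before = search_request(1, base, equality_filter("objectClass", "person"))
    after = search_request(1, base, present_filter("objectClass"))
    return before, after

if __name__ == "__main__":
    before, after = compare()
    print("text form present on the wire:", b"objectClass=person" in before)
    print("before:", before.hex())
    print("after: ", after.hex())
    # Offsets 1 and 6 hold the LDAPMessage and SearchRequest length octets here.
    print("lengths:", (before[1], before[6]), "->", (after[1], after[6]))
```

The enclosing SearchRequest and LDAPMessage length octets change together with the filter, so a rewrite of the decrypted payload has to re-encode those lengths as well as the filter element itself.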