Load Balance Decision Based on AD group or ID

Question

Cisco Finess is new application to be load balanced in our environment. &nbsp;
They would like for us to LB to Server A or Server B based on AD Groups or User ID. &nbsp;
We looked at APM for a minute but the Business Side doens't want the users to have to login to the APM. Bascially a second login&nbsp;
So the Cisco Finess team is requesting we see if we have the F5 do a LDAP Query for this informantion. &nbsp;
To be honest I am little lost on this. In some of the forums, I see some Irules for Side band and others for ldap query.&nbsp;
We are running 13.1 &nbsp;

andy_mcgrath · Answer

First APM has Single Sign-On (SSO) features so a user could login through APM and then could automatically be signed into the backend application.&nbsp;
This would allow you to authenticate and query LDAP within the APM profile and then a simple iRule to select the correct Pool or Node to forward traffic too.&nbsp;

If you do not want to use APM then SIDEBAND connection or write an iRule LX solution.&nbsp;
Checkout LDAP Query From An iRule and/or Use APM With Non-HTTP Services for some help on doing the LDAP look up from within an iRule using Sideband.&nbsp;
From within an iRule LX you will simply need an LDAP query module like NPM simple-ldap-search&nbsp;

Forum Discussion

Load Balance Decision Based on AD group or ID

1 Reply

Recent Discussions

Error while running ansible

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Related Content

Load balancing method specific decision

Active/Active load balancing examples with F5 BIG-IP and Azure load balancer

Decision box design using js

Demystifying Time-based OTP

NGINXaaS for Azure: Load Balancing