Trying to do authentication with LDAP from iRule, not working
I'm trying to do some fairly simple authentication (basic auth to an LDAP) for inbound traffic in an iRule and I'm having problems. At this point I'm pretty sure it's something I'm not doing right or that I don't have configured yet. I tried with my own iRule, and that didn't work. Then I tried using the sample LDAP iRule provided with the F5, and that is behaving the same way. What they are both doing is "not calling the LDAP server", which in my case is OpenLDAP (slapd) on CentOS. When I tail my logs on the LDAP server, it never shows a connection attempt from the F5 when I send a test message to the virtual server with the iRule. I can, however, run an ldapsearch from the command line on the F5 and get back results. To my way of thinking, this eliminates network connectivity as an issue. There are no hints of errors in any of the logs on the F5. I have iRule logging set to Debug.
What I'm left with is that something either isn't configured or isn't configured properly in the F5.
Here is what I have configured:
1) Local Traffic > Profiles > Authentication > CRLDP Server:
- IP of my LDAP
- Port: 389
- BaseDN: dc=mydomain,dc=local (I'm not sure if I need ou=People here or not, I have tried it both ways though)
2) Local Traffic > Profiles > Authentication > Configuration:
- points to the CRLDP Server above
3) Local Traffic > Profiles > Authentication > Profile:
- points to the Configuration above
4) Local Traffic > Virtual Servers > Auth-Test-VIP:
- Under Advanced config the "Authentication Profiles" contains the profile above.
I'm using a lot of "log local0" statements and it steps right through the AUTH::authenticate step, but nothing shows up, good, bad, or otherwise, in the LDAP logs. But the iRule and logs are too big to post here.