Forum Discussion
- hooleylist (Cirrostratus)
Hi Skynard,
If the clientside connection is encrypted and you want to inspect the decrypted payload, I think you'd need to use SSL::collect and SSL::payload on v10.x to handle this. Or in v9.4+ you could use a simple iRule on the existing SSL VIP which uses the command to call a second internal VIP which uses the LDAP proxy iRule enabled.
Aaron
- Ken_Cottrell (Nimbostratus)
Thanks for the reply Aaron,
I made the following changes to the iRule we are using for non-SSL LDAP traffic, but am still getting simple bind failed, connect reset.
I am also not seeing any log entries for this rule when setting debug on.
I replaced TCP::collect and TCP::payload with SSL::collect and SSL::payload in the existing iRule.
I also ended up changing:
CLIENT_ACCEPTED to CLIENTSSL_HANDSHAKE
CLIENT_DATA to CLIENTSSL_DATA and
SERVER_ACCEPTED to SERVERSSL_HANDSHAKE
SERVER_DATA to SERVERSSL_DATA
I also changed TCP::release and TCP::respond to SSL::release and SSL::respond.