Geeks With Blogs
Nicholas Zurfluh blog

So far my testing has only substantiated the RFCs that define LDAP communications. Since the client first authenticates, then subsequently makes its request operations, it would be impossible for Big-IP to identify the request without some theoretical LDAP proxy capability. An LDAP proxy would need to authenticate a user locally and then identify the nature of a request, upon which Big-IP would then authenticate against the actual LDAP servers themselves and subsequently forward on the client request operation.
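The ordering problem described above can be seen by decoding the client side of one LDAP connection. The following is an added example, not code from the original post and not Big-IP rule syntax: it reads the BER `protocolOp` tag of each LDAPMessage (tags as defined in RFC 1777 and RFC 4511) and labels it session, read or write. The `tlv` helper and the sample bind, search and delete messages are constructed for illustration.

```python
# Added example: classify LDAP client messages by protocolOp tag (RFC 1777 / RFC 4511).
OPS = {0x60: ("bindRequest", "session"), 0x42: ("unbindRequest", "session"),
       0x50: ("abandonRequest", "session"),
       0x63: ("searchRequest", "read"), 0x6E: ("compareRequest", "read"),
       0x66: ("modifyRequest", "write"), 0x68: ("addRequest", "write"),
       0x4A: ("delRequest", "write"), 0x6C: ("modifyDNRequest", "write")}

def read_len(buf, pos):
    """Decode the BER length starting at buf[pos]; return (length, next_pos)."""
    first = buf[pos]
    if first < 0x80:                       # short form: length is in this octet
        return first, pos + 1
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or pos + 1 + n > len(buf):
        raise ValueError("indefinite or truncated BER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def classify(stream):
    """Return [(messageID, op name, kind)] for each LDAPMessage in a client stream."""
    out, pos = [], 0
    while pos < len(stream):
        if stream[pos] != 0x30:
            raise ValueError("expected LDAPMessage SEQUENCE")
        mlen, body = read_len(stream, pos + 1)
        if body + mlen > len(stream) or stream[body] != 0x02:
            raise ValueError("truncated message or missing messageID")
        idlen, idpos = read_len(stream, body + 1)
        msg_id = int.from_bytes(stream[idpos:idpos + idlen], "big")
        tag = stream[idpos + idlen]        # first octet of protocolOp
        name, kind = OPS.get(tag, (hex(tag), "unknown"))
        out.append((msg_id, name, kind))
        pos = body + mlen                  # next LDAPMessage on the same connection
    return out

def tlv(tag, value):
    """Build a short-form BER TLV (value under 128 bytes) for the sample data."""
    return bytes([tag, len(value)]) + value

# Constructed sample: one connection carrying an LDAPv2 simple bind, a search, a delete.
BIND = tlv(0x60, tlv(0x02, b"\x02") + tlv(0x04, b"cn=app,dc=example,dc=com")
           + tlv(0x80, b"secret"))
SEARCH = tlv(0x63, tlv(0x04, b"dc=example,dc=com") + tlv(0x0A, b"\x02")
             + tlv(0x0A, b"\x00") + tlv(0x02, b"\x00") + tlv(0x02, b"\x00")
             + tlv(0x01, b"\x00") + tlv(0x87, b"objectClass") + tlv(0x30, b""))
DELETE = tlv(0x4A, b"cn=old,dc=example,dc=com")
STREAM = b"".join(tlv(0x30, tlv(0x02, bytes([i])) + op)
                  for i, op in enumerate((BIND, SEARCH, DELETE), start=1))
```

The first message on the connection classifies as `session`, and the write only appears as the third message, after a server has already been chosen for the connection.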

A possible alternative would be to proxy the communications through Sun System Directory Proxy Server: once the Sun proxy determines that there is a write request operation, the proxy would refer the client to a VS on Big-IP that balances load between one or more master LDAP servers.

Update: Vignette does not support LDAP referrals.

F5 official! LDAP v.2 rules will not work

This must be revisited with Big-IP version 9 to see if the new authentication/authorization module could provide a fix to applications that use LDAP v.2 requests.

Posted on Thursday, September 9, 2004 5:08 PM | F5 networks

Comments on this post: iRule that identifies LDAP v.2 read and write requests with Big-IP version 4.5.9

No comments posted yet.