Has any progress on making an LDAP query from an iRule been made in recent versions? If so, can you provide details? I have a customer who is interested in load balancing HTTP traffic by selecting the pool based on LDAP query results. The search base and filters could potentially need to be changed per URI.
What's the latest on this?
Here are a few related posts I could find:
unRuleY - Sept 2005
Unfortunately, we use PAM for the backend of the auth engine and it only returns a boolean (authorized/not authorized). We have been looking at ways to allow querying a directory service for specific attributes, but nothing is currently planned for a release.
http://devcentral.f5.com/default.aspx?tabid=53&view=topic&forumid=5&postid=44724479
Querying different Group DNs
I got the answer from F5-Support, that it isn't possible to query different Group DNs:
"When you configure the LTM for a LDAP authentication, you can only configure on DN entry. That's why you have to choose the parent DN of the users groups and not try to set the users groups DNs themselves.
I would also suggest you read the following document :
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_sol_guide_943/sol_app_auth.html"
http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=30983
Aaron