AUTH::ssl_cc_ldap

Description¶

Returns the status from the last successful client certificate-based LDAP query for the specified authorization session <authid>. The system returns an empty string if the last successful query did not perform a client certificate-based LDAP query, or if no query has yet been performed. This command has been deprecated in favor of AUTH::response_data.

Syntax¶

AUTH::ssl_cc_ldap_status <authid>

AUTH::ssl_cc_ldap_status <authid>¶

Returns the status from the last successful client certificate-based LDAP query for the specified authorization session <authid>.

Examples¶

The rule below mimics the behavior of a BIG-IP 4.x authz configuration “insert client status enable”. This rule would be used in conjunction with client certificate LDAP auth.

when RULE_INIT {
    set tmm_auth_subscription "*"
}
when AUTH_RESULT {
    array set auth_response_data [AUTH::response_data]
    # set cc_ldap_status [AUTH::ssl_cc_ldap_status]
    set cc_ldap_status [lindex [array get auth_response_data ccldap<!--:reply:status] 1]-->
}
when HTTP_REQUEST {
    HTTP::header insert "SSLClientAuthorizationStatus: $cc_ldap_status"
}

Related Information¶

Valid Events:

Warning

The links to the sample code below are remnants of the old DevCentral wiki and will result in a 404 error. For best results, please copy the link text and search the codeshare directly on DevCentral.

Sample Code:

Introduced: BIGIP-9.0.0

The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.

AUTH::ssl_cc_ldap_status¶

Description¶

Syntax¶

AUTH::ssl_cc_ldap_status <authid>¶

Examples¶

Related Information¶