AUTH::ssl_cc_ldap_status¶
Description¶
Returns the status from the last successful client certificate-based
LDAP query for the specified authorization session <authid>. The
system returns an empty string if the last successful query did not
perform a client certificate-based LDAP query, or if no query has yet
been performed. This command has been deprecated in favor of
AUTH::response_data.
Syntax¶
AUTH::ssl_cc_ldap_status <authid>
AUTH::ssl_cc_ldap_status <authid>¶
- Returns the status from the last successful client certificate-based LDAP query for the specified authorization session <authid>.
Examples¶
The rule below mimics the behavior of a BIG-IP 4.x authz configuration
“insert client status enable”. This rule would be used in conjunction
with client certificate LDAP auth.
when RULE_INIT {
set tmm_auth_subscription "*"
}
when AUTH_RESULT {
array set auth_response_data [AUTH::response_data]
# set cc_ldap_status [AUTH::ssl_cc_ldap_status]
set cc_ldap_status [lindex [array get auth_response_data ccldap<!--:reply:status] 1]-->
}
when HTTP_REQUEST {
HTTP::header insert "SSLClientAuthorizationStatus: $cc_ldap_status"
}