AUTH::ssl_cc_ldap_username¶
Description¶
Returns the user name that the system retrieved from the LDAP database
from the last successful client certificate-based LDAP query for the
specified authorization session <authid>. The system returns an
empty string if the last successful query did not perform a successful
client certificate-based LDAP query, or if no query has yet been
performed. This command has been deprecated in favor of
AUTH::response_data.
Syntax¶
AUTH::ssl_cc_ldap_username <authid>
AUTH::ssl_cc_ldap_username <authid>¶
- Returns the user name that the system retrieved from the LDAP database from the last successful client certificate-based LDAP query for the specified authorization session <authid>.
Examples¶
The rule below mimics the behavior of a BIG-IP 4.x authz configuration
“set auth hdr enable” and “onfailure username defaultuser”. This rule
would be used in conjunction with client certificate LDAP auth.
when RULE_INIT {
set cc_ldap_username “defaultuser”
set tmm_auth_subscription "*"
}
when AUTH_RESULT {
array set auth_response_data [AUTH::response_data]
# set username [AUTH::ssl_cc_ldap_username]
set username [lindex [array get auth_response_data ccldap<!--:reply:username] 1]-->
if {username ne ""} {
set cc_ldap_username $username
}
}
when HTTP_REQUEST {
HTTP::header insert “Authorization: [b64encode $cc_ldap_username:password]”
}
Similar rule logic to the above example would be used with this data
to mimic the 4.x authz configuration “insert client status enable”.