ltm rule command AUTH ssl cc ldap status
iRule(1) BIG-IP TMSH Manual iRule(1)
AUTH::ssl_cc_ldap_status
Returns the status from the last successful client certificate-based
LDAP query.
SYNOPSIS
AUTH::ssl_cc_ldap_status AUTH_ID
DESCRIPTION
Returns the status from the last successful client certificate-based
LDAP query for the specified authorization session . The system
returns an empty string if the last successful query did not perform a
client certificate-based LDAP query, or if no query has yet been
performed. This command has been deprecated in favor of
AUTH::response_data.
AUTH::ssl_cc_ldap_status
* Returns the status from the last successful client
certificate-based LDAP query for the specified authorization
session .
RETURN VALUE
VALID DURING
EXAMPLES
The rule below mimics the behavior of a BIG-IP 4.x authz configuration
"insert client status enable". This rule would be used in conjunction
with client certificate LDAP auth.
when RULE_INIT {
set tmm_auth_subscription "*"
}
when AUTH_RESULT {
array set auth_response_data [AUTH::response_data]
# set cc_ldap_status [AUTH::ssl_cc_ldap_status]
set cc_ldap_status [lindex [array get auth_response_data ccldap
}
when HTTP_REQUEST {
HTTP::header insert "SSLClientAuthorizationStatus: $cc_ldap_status"
}
HINTS
SEE ALSO
CHANGE LOG
@BIGIP-9.0.0 --First introduced the command.
BIG-IP 2017-01-31 iRule(1)