ltm rule command AUTH ssl cc ldap username

iRule(1)		      BIG-IP TMSH Manual		      iRule(1)



AUTH::ssl_cc_ldap_username
       Returns a user name that the system retrieved from the LDAP database.

SYNOPSIS
       AUTH::ssl_cc_ldap_username AUTH_ID

DESCRIPTION
       Returns the user name that the system retrieved from the LDAP database
       from the last successful client certificate-based LDAP query for the
       specified authorization session . The system returns an empty
       string if the last successful query did not perform a successful client
       certificate-based LDAP query, or if no query has yet been performed.
       This command has been deprecated in favor of AUTH::response_data.

       AUTH::ssl_cc_ldap_username 

	    * Returns the user name that the system retrieved from the LDAP
	      database from the last successful client certificate-based LDAP
	      query for the specified authorization session .

RETURN VALUE
VALID DURING
EXAMPLES
	The rule below mimics the behavior of a BIG-IP 4.x authz configuration
	   "set auth hdr enable" and "onfailure username defaultuser". This rule
	would be used in conjunction with client certificate LDAP auth.

	when RULE_INIT {
	    set cc_ldap_username "defaultuser"
	    set tmm_auth_subscription "*"
	}
	when AUTH_RESULT {
	    array set auth_response_data [AUTH::response_data]
	    # set username [AUTH::ssl_cc_ldap_username]
	    set username [lindex [array get auth_response_data ccldap
	    if {username ne ""} {
		set cc_ldap_username $username
	    }
	}
	when HTTP_REQUEST {
	    HTTP::header insert "Authorization: [b64encode $cc_ldap_username:password]"
	}

	Similar rule logic to the above example would be used with this data to
	mimic the 4.x authz configuration "insert client status enable".

HINTS
SEE ALSO
CHANGE LOG
       @BIGIP-9.0.0 --First introduced the command.



BIG-IP				  2017-01-31			      iRule(1)