ltm rule command AUTH ssl cc ldap username
iRule(1) BIG-IP TMSH Manual iRule(1)
AUTH::ssl_cc_ldap_username
Returns a user name that the system retrieved from the LDAP database.
SYNOPSIS
AUTH::ssl_cc_ldap_username AUTH_ID
DESCRIPTION
Returns the user name that the system retrieved from the LDAP database
during the last successful client certificate-based LDAP query for the
specified authorization session. The system returns an empty string if
the last successful query was not a client certificate-based LDAP
query, or if no query has yet been performed.
This command has been deprecated in favor of AUTH::response_data.
AUTH::ssl_cc_ldap_username
* Returns the user name that the system retrieved from the LDAP
database from the last successful client certificate-based LDAP
query for the specified authorization session.
RETURN VALUE
VALID DURING
EXAMPLES
The rule below mimics the behavior of a BIG-IP 4.x authz configuration
"set auth hdr enable" and "onfailure username defaultuser". This rule
would be used in conjunction with client certificate LDAP auth.
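    when RULE_INIT {
        # Fallback user name, used when the LDAP query yields no user name
        set cc_ldap_username "defaultuser"
        set tmm_auth_subscription "*"
    }
    when AUTH_RESULT {
        # Load the name/value pairs returned by the auth query into an array
        array set auth_response_data [AUTH::response_data]
        # Deprecated form, kept for reference:
        # set username [AUTH::ssl_cc_ldap_username]
        set username [lindex [array get auth_response_data ccldap
        # Replace the fallback only when the query returned a user name
        if {$username ne ""} {
            set cc_ldap_username $username
        }
    }
    when HTTP_REQUEST {
        # Pass the resolved user name to the server in an Authorization header
        HTTP::header insert "Authorization: [b64encode $cc_ldap_username:password]"
    }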
Similar rule logic to the above example would be used with this data to
mimic the 4.x authz configuration "insert client status enable".
HINTS
SEE ALSO
CHANGE LOG
@BIGIP-9.0.0 --First introduced the command.
BIG-IP 2017-01-31 iRule(1)