Forum Discussion
The log statement just shows what the AUTH status result is for troubleshooting. I would suggest that if you can get the default _sys_auth_ldap iRule to work in your environment, then it can be modified to support your per-URI requirement. Can you post your config?
Dear Kevin Stewart,
Where does BIG-IP store the auth log? I searched for it using "find local0" through SSH, but it did not show anything.
I am using the default _sys_auth_ldap now, but it did not resolve the issue. I just added the following lines (both in bold) to apply auth only to a specific path and to log as you said. You can see the complete iRule in the attachments:
when HTTP_REQUEST {
    if {[HTTP::uri] contains "myFolder/myPage.action"} {
        set tmm_auth_sid [AUTH::start pam default_ldap]
        (...)
when AUTH_RESULT {
    log local0. "AUTH status = [AUTH::status]"
    if {not [info exists tmm_auth_http_sids(ldap)] or \
    (...)
This is my active auth profile:
ltm auth profile /Common/Perfil_AD {
    app-service none
    configuration /Common/conector_con_AD
    credential-source http-basic-auth
    defaults-from /Common/ldap
    enabled yes
    idle-timeout 300
    rule /Common/AUTH_LDAP_URL_v1
    type ldap
}
And this is my configuration:
ltm auth ldap /Common/conector_con_AD {
    bind-dn "CN=myUser,OU=FUNCIONES,OU=SISTEMAS,OU=SEDE,DC=mydomain,DC=com,DC=ar"
    bind-pw myPassword
    check-host-attr enabled
    debug enabled
    search-base-dn "OU=FUNCIONES,OU=SISTEMAS,OU=SEDE,DC=mydomain,DC=com,DC=ar"
    servers { 19X.1XX.XX.1XX }
}
With this overall configuration, auth falls into a loop :(
PS: Thank you very much for your active help and your dedication.