Traffic script rule to request a client to Authent...

Brother_Fox · ‎10-13-2020

Hello guys,

We are using vTM 19.2r2.

Question from my side - how to create Traffic script rule to authenticate users/apps against LDAPS on port 636 and depend of the answer from LDAP - grant or deny access to backend SMTP server on port 25.

Can someone help with Traffic script rule please?

ldarby · ‎02-01-2021

Hi Brother_Fox,

Apologies for the lack of response here. If you haven't already found out, the way to do this is configure the ldap authenticator in Catalogs > Authenticators (and not System > Users > Authenticators). Then you can use the auth.query() function to query it with the user/password (and see the auth.query() docs for an example with HTTP), then probably connection.close("...") with the right SMTP syntax to reject connections.

This article might be helpful in extracting the user/password from SMTP traffic: https://community.pulsesecure.net/t5/Pulse-Secure-vADC/HowTo-Inspect-and-synchronize-SMTP/ta-p/29185.

If you need further assitance writing the Trafficscript then Pulse Secure can help but this would be under a professional services engagment, please see https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44677.

Regards,

Laurence

Pulse Secure vADC Support (Acquired by Ivanti)

Traffic script rule to request a client to Authenticate against an LDAP Authenticator

Traffic script rule to request a client to Authenticate against an LDAP Authenticator

Re: Traffic script rule to request a client to Authenticate against an LDAP Authenticator