add authentication ldapAction ldap-srv-PIT -serverIP 192.168.100.50 -serverPort 389 -ldapBase "dc=domain,dc=pit" -ldapBindDn svcldap@domain.pit -ldapBindDnPassword Password1 -ldapLoginName sAMAccountName -groupAttrName memberOf -subAttributeName cn
add authentication ldapPolicy ldap-pol-PIT ns_true ldap-srv-PIT

add authentication vserver aaa-vsrv-aaa.domain.pit SSL 192.168.200.50 443
bind authentication vserver aaa-vsrv-aaa.domain.pit -policy ldap-pol-PIT -priority 100
bind ssl vserver aaa-vsrv-aaa.domain.pit -certkeyName aaa.domain.pit

add server INTRANET01 192.168.100.81
add server INTRANET02 192.168.100.82
add service svc-https-intranet01 INTRANET01 SSL 443
add service svc-https-intranet02 INTRANET02 SSL 443
add lb vserver lb-vsrv-intranet.domain.pit SSL 192.168.200.80 443 -persistenceType COOKIEINSERT -persistenceBackup SOURCEIP -AuthenticationHost aaa.domain.pit -Authentication ON -authnVsName aaa-vsrv-aaa.domain.pit
bind lb vserver lb-vsrv-intranet.domain.pit svc-https-intranet01
bind lb vserver lb-vsrv-intranet.domain.pit svc-https-intranet02
bind lb vserver lb-vsrv-intranet.domain.pit -certkeyName intranet.domain.pit

add authorization policy DenyAll HTTP.REQ.IS_VALID DENY
add authorization policy IntranetBackendAllow "HTTP.REQ.USER.IS_MEMBER_OF(\"G_PIT_Backend\")" ALLOW

bind lb vserver LB-vsrv-intranet.domain.pit -policyName IntranetBackendAllow -priority 100 -gotoPriorityExpression END -type REQUEST
bind lb vserver LB-vsrv-intranet.domain.pit -policyName DenyAll -priority 200 -gotoPriorityExpression END -type REQUEST