add authentication ldapAction ldap-srv-PIT -serverIP 192.168.100.50 -serverPort 389 -ldapBase "dc=domain,dc=pit" -ldapBindDn svcldap@domain.pit -ldapBindDnPassword Password1 -ldapLoginName sAMAccountName -groupAttrName memberOf -subAttributeName cn -nestedGroupExtraction ON -maxNestingLevel 3 -groupNameIdentifier sAMAccountName -groupSearchAttribute memberOf -groupSearchSubAttribute CN Variante 1) add authorization policy IntranetBackendAllow-G_PIT_Backend "HTTP.REQ.USER.IS_MEMBER_OF(\"G_PIT_Backend\")" ALLOW add authorization policy IntranetBackendAllow-L_PIT_Backend "HTTP.REQ.USER.IS_MEMBER_OF(\"L_PIT_Backend\")" ALLOW add authorization policy IntranetBackendAllow-U_PIT_VIPs "HTTP.REQ.USER.IS_MEMBER_OF(\"U_PIT_VIPs\")" ALLOW bind lb vserver LB-vsrv-intranet.domain.pit -policyName IntranetBackendAllow-G_PIT_Backend -priority 100 -gotoPriorityExpression END -type REQUEST bind lb vserver LB-vsrv-intranet.domain.pit -policyName IntranetBackendAllow-L_PIT_Backend -priority 200 -gotoPriorityExpression END -type REQUEST bind lb vserver LB-vsrv-intranet.domain.pit -policyName IntranetBackendAllow-U_PIT_VIPs -priority 300 -gotoPriorityExpression END -type REQUEST bind lb vserver LB-vsrv-intranet.domain.pit -policyName DenyAll -priority 1000 -gotoPriorityExpression END -type REQUEST Variante 2) add authorization policy IntranetBackendAllow "HTTP.REQ.USER.IS_MEMBER_OF(\"G_PIT_Backend\")||HTTP.REQ.USER.IS_MEMBER_OF(\"L_PIT_Backend\")||HTTP.REQ.USER.IS_MEMBER_OF(\"U_PIT_VIPs\")" ALLOW Variante 3) add policy expression IS_G_PIT_Backend "HTTP.REQ.USER.IS_MEMBER_OF(\"G_PIT_Backend\")" add policy expression IS_L_PIT_Backend "HTTP.REQ.USER.IS_MEMBER_OF(\"L_PIT_Backend\")" add policy expression IS_U_PIT_VIPs "HTTP.REQ.USER.IS_MEMBER_OF(\"U_PIT_VIPs\")" add authorization policy IntranetBackendAllow "IS_G_PIT_Backend || IS_L_PIT_Backend || IS_U_PIT_VIPs" ALLOW Variante 4) add policy expression IS_AllowForBackend "HTTP.REQ.USER.IS_MEMBER_OF(\"G_PIT_Backend\")||HTTP.REQ.USER.IS_MEMBER_OF(\"L_PIT_Backend\")||HTTP.REQ.USER.IS_MEMBER_OF(\"U_PIT_VIPs\")" add authorization policy IntranetBackendAllow "IS_AllowForBackend" ALLOW