Advanced AD Query

Question

Hi,&nbsp;
I am attempting to do an AD Query on an attribute of a user logging in through APM.&nbsp;
I need to determine if the attribute in question contains a value or not.&nbsp;
If the attribute contains a value, then the user will get directed one way.  If the attribute is empty or null, then I want to send the user down another path.&nbsp;
I can not find any syntax on how to query an attribute in APM.&nbsp;
I think I should be able to enter an expression on the advanced tab of an ad query to determine if there is a null value or not.&nbsp;
Is this possible?&nbsp;
Thanks,&nbsp;
-John&nbsp;

chris_17748 · Answer

John - If I understand correctly you looking to use the advanced tab of branch rule to determine how to route a user.  This is an example of a check for the existence of a value from a LDAP query.  You would need to use a AD session variable instead of the ldap session variable but the basic structure of the check to see if a value exists is like this:&nbsp;
expr { [mcget {session.ldap.last.attr.unixHomeDirectory}] != "" }&nbsp;
I've never tried or thought of using the check on a branch rule of the query item itself, but I would think it would work (and I might start using it if it does).  I tend to do the branch selection with an item following the query itself mostly to keep operations broken out so I remember what everything does.&nbsp;

john_t__morgan_ · Answer

Thanks for the reply.

Waht I am actually looking for is whether or not there is a value in the attribute "extensionAttribute15".

I am using this: expr { [mcget {session.ad.last.attr.extensionAttribute15}] != "" }

But I get the following error "Rule evaluation failed with error: syntax error in expression " [mcget {session.ad.last.attr.extensionAttribute15}] = "" ": extra tokens at end of expression"

So, I'm not sure if I actually have an extra token or if I just have a syntax error in the formation of the variable name.

-John
But i get an error

chris_17748 · Answer

Are you getting the error when you try to save the the expression or when it evaluates?  I'm wondering if the data stored in that attribute is a data type that has to be handled differently.

Forum Discussion

Advanced AD Query

3 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Software Downgrade from version 17.x.x to 15.x.x

Error diskmonitor

CPU utilization of F5OS on r2600

sslprovide (--f5 ssl) does not generate CLIENT/SERVER_TRAFFIC_SECRET on server-side TLS traffic

Hardware replacement i2800 to r2600

Related Content

From ASM to Advanced WAF: Advancing your Application Security

BIG-IP Advanced Firewall Manager (AFM) DNS NXDOMAIN Query Attack Type Walkthrough - part two

BIG-IP Advanced Firewall Manager (AFM) DNS NXDOMAIN Query Attack Type Walkthrough

Rate limiting GraphQL API query using iRule and Advanced WAF Violation

Introduction to F5 BIG-IP Advanced Firewall Manager (AFM)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS