Forum Discussion
Mark_22062
Nimbostratus
May 20, 2013
APM - AD Nested Groups Limited?
Hi there,
I am trying to configure remote access to an application using AD Query. The query is configured to check membership of a group "F5_Application", this group has a number of nested gro...
Philipp_Stadler
Nimbostratus
May 30, 2014
With sessiondump I can see that session.ad.last.attr.memberOf isn't truncated ...
I now got the result with an iRule, a datagroup and an iRule event in VPE (with a branch rule matching session.custom.allowed).
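    when ACCESS_POLICY_AGENT_EVENT {
        # Runs only for the VPE iRule event agent whose ID is "member"
        if {[ACCESS::policy agent_id] eq "member"} {
            set user [ACCESS::session data get session.logon.last.username]
            # memberOf holds the user's group DNs separated by "|"
            set memberOfList [split [ACCESS::session data get session.ad.last.attr.memberOf] "|"]
            # Default to "not allowed"; the VPE branch rule tests this variable
            ACCESS::session data set session.custom.allowed "0"
            foreach x $memberOfList {
                # -value returns the value of the datagroup entry whose key is contained in $x;
                # the entries in datagroup_membersOf are expected to carry the value 1
                if { [class match -value -- $x contains datagroup_membersOf] equals "1" } {
                    ACCESS::session data set session.custom.allowed "1"
                    log local5. "Allowed User $user - Group:$x"
                }
            }
        }
    }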
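An exact-match variant of the iRule in the post above, added here as an example and not part of the original post. The `contains` operator is a substring match, so a group whose DN merely contains an allowed data-group key would also set `session.custom.allowed`. This version compares the whole DN instead. Assumptions: the memberOf value is "|"-separated with optional whitespace around each DN, and `datagroup_membersOf` is a string data group whose keys are full group DNs in lower case.

```tcl
# Added example, not from the original post.
# Assumes datagroup_membersOf keys are full, lower-case group DNs.
when ACCESS_POLICY_AGENT_EVENT {
    if { [ACCESS::policy agent_id] eq "member" } {
        set user [ACCESS::session data get session.logon.last.username]
        set memberOf [ACCESS::session data get session.ad.last.attr.memberOf]

        # Default deny: only an exact DN match flips this to "1".
        ACCESS::session data set session.custom.allowed "0"

        foreach raw [split $memberOf "|"] {
            # Normalise each element: strip padding around the DN and
            # lower-case it, since DNs compare case-insensitively in AD.
            set dn [string tolower [string trim $raw]]

            # split leaves empty elements for leading/trailing separators.
            if { $dn eq "" } { continue }

            # "equals" matches the whole DN against a data-group key, so a
            # DN that only contains an allowed key as a substring is rejected.
            if { [class match -- $dn equals datagroup_membersOf] } {
                ACCESS::session data set session.custom.allowed "1"
                log local5.info "Allowed user $user - group: $dn"
                # One allowed group is enough; stop scanning.
                break
            }
        }
    }
}
```

The VPE branch rule on `session.custom.allowed` stays the same as described in the post.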