Forum Discussion
jamie_staples
Cirrus
CirrusAPM Access Policy - Pass LDAP or AD Query variable
Is it possible to query whether a user has a value for one or another variable then use that to pass or fail passage down the rest of the swimlane for access? (e.g.- expr {[mcget {session.ad.session....
jamie_staplesCirrus
CirrusSomeone suggested this: https://community.f5.com/t5/technical-forum/apm-session-attribute-exists/td-p/260927
and that mostly works for me....but does the same logic still work if it's either of the variables that are true, i.e.
expr {[mcget {session.ad.session.ad.last.attr.variable1}] != "" || [mcget {session.ad.session.ad.last.attr.variable2}] != ""}
?
- Lucas_Thompson
Employee
Yep "||" works like that. For most cases, you can use "tclsh" on the BIG-IP command line to test small snippets like this (it doesn't support things like "contains" or "mcget" though, you have to substitute in your values there), for example:
- jamie_staples
Can tclsh be used as APM AD Query in VPE? It would use the logic like if this variable/attribue has a value or this other variable/attribute has a value, proceed down this path.
If it doesn't, what would? An iRule? And what would the iRule have to look like?
Sorry for so many questions...Thanks!
- jamie_staples
I directly modified this (https://community.f5.com/t5/technical-forum/apm-session-attribute-exists/td-p/260927) to use || (or):
"You are using 'info exists' and 'mcget' incorrectly.
'mcget' will return the value of the APM session variable, so if the session variable for 'session.ad.last.attr.mobile' is 555-1234 you are passing this to 'info exists'. i.e. you are executing 'info exits 555-1234' but guessing no variable exists named 555-1234 (or what ever the value is)
I think if you call 'mcget' on a session variable that doesn't exist I think you get "" returned, so the following should do what you want (not tested as no quick access to APM currently):
if {[mcget {session.ad.last.attr.mobile}] == ""} { set ad_attribute1_exists 0 } else { set ad_attribute1_exists 1 } if {[mcget {session.ad.last.attr.pager}] == ""} { set ad_attribute2_exists 0 } else { set ad_attribute2_exists 1 } expr { $ad_attribute1_exists == 1 && $ad_attribute2_exists == 1}
Or as a one liner:
expr { [mcget {session.ad.last.attr.mobile}] != "" && [mcget {session.ad.last.attr.pager}] != ""} "
