Forum Discussion

Nimbostratus

Sep 30, 2013

APM access::session question

Hi all, I am currently creating an APM policy (we are using 11.3) which uses a LDAP query to read several attributes from the authenticated user into the session variables "session.ldap.last.att...

application delivery

BIG-IP Access Policy Manager (APM)

Employee

Oct 14, 2013

That isn't going to be easy. The APM session table is neither a list nor an array, and cannot be queried for "all matching values". The LDAP attributes will fill the table upon a successful query and will be available, by name, from that point forward.

That said, you could technically create a list object beforehand of all the LDAP objects that you care about, then cycle through them. Example:

when ACCESS_ACL_ALLOWED {
    set ldaplist [list "cn" "sn" "description" "whenCreated" "whenChanged" "displayName" "name" "objectGUID" "lastLogoff" "lastLogon" "primaryGroupID" "objectSid" "sAMAccountName" "userPrincipalName"]

    foreach x $ldaplist {
        HTTP::header insert $x [ACCESS::session data get session.ldap.last.attr.$x]
    }
}

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)