Forum Discussion
Apr 18, 2023
Hi nickamon,
I think multiple variable cannot be compare without using "or" in the expression. Using iRule can help.
- Add iRule event before Advanced Resource Assign.
- Compare user names with datagroup in the iRule.
- Set new variable by datagroup match in the iRule.
- Use the variable in Advanced Resource Assign Expression.
expr { [mcget {session.logon.last.usergroup}] equals "usergroup1" }
iRule:
when ACCESS_POLICY_AGENT_EVENT {
if { [ACCESS::policy agent_id] eq "usercheck" } {
if { [class match [ACCESS::session data get "session.logon.last.username"] equals /Common/dg_userlist1] } {
ACCESS::session data set session.logon.last.usergroup "usergroup1"
}
elseif { [class match [ACCESS::session data get "session.logon.last.username"] equals /Common/dg_userlist2] } {
ACCESS::session data set session.logon.last.usergroup "usergroup2"
}
elseif { [class match [ACCESS::session data get "session.logon.last.username"] equals /Common/dg_userlist3] } {
ACCESS::session data set session.logon.last.usergroup "usergroup3"
}
else {
ACCESS::session data set session.logon.last.usergroup "usergroup4"
}
}
}
If you add the datagroup records as string-value(username-variable), you can use only one datagroup and simplify the iRule by assigning datagroup parameter's value to the variable.
when ACCESS_POLICY_AGENT_EVENT {
if { [ACCESS::policy agent_id] eq "usercheck" } {
if { [class match [ACCESS::session data get "session.logon.last.username"] equals /Common/dg_userlist] } {
ACCESS::session data set session.logon.last.usergroup [class match -value [ACCESS::session data get "session.logon.last.username"] equals /Common/dg_userlist]
}
else {
ACCESS::session data set session.logon.last.usergroup "nondatagroupuser"
}
}
}