APM variable assign to trim ad group DN
I have created a variable assign in access policy based on some code I found on this site. This code allowed me to remove the AD distinguished name and just capture the name of the group in a variable.
That said we recently had a requirement to add a some leading characters to the group name that I also want to remove but not sure how to do both.
My current custom variable code this this
set mem_fields [split [mcget {session.ad.last.attr.memberOf}] "|"]; foreach mem $mem_fields { if { $mem contains "Test" } { set found $mem } }; set grp_fields [split $found "=,"]; return [lindex $grp_fields 1];
That takes this group DN CN=DIV-Test-123456-read-only,OU=Groups,OU=One,OU=Two,OU=Three,DC=Organization,DC=com
and converts to DIV-Test-123456-read-only
What I would like to do now is modify the code to return this instead (remove the DIV from the group name as well as remove all DN related stuff)
Test-123456-read-only
Thank you in advance for you time!
I figured this out, so updating incase someone else runs across this.
Since the group name I wanted to send had a bunch of - that made this more complex. So I changed the group name from
DIV-Test-123456-read-only
to
DIV_Test-123456-read-only (to an underscore instead of a - between DIV and Test)
This allowed me to then use this modified code:
I then added a _ to the Split $found section and change the $grp_fields from 1 to 2
set mem_fields [split [mcget {session.ad.last.attr.memberOf}] "|"]; foreach mem $mem_fields { if { $mem contains "Test" } { set found $mem } }; set grp_fields [split $found "=_,"]; return [lindex $grp_fields 2];