Forum Discussion
NimbostratusF5 APM SSL VPN RESOURCE Assign.
Hi,
We are implementing F5 APM SSL Vpn solution and have the following query.
1) Can a user be assigned resources based on his Group(Ad query) and user name simultaneously.
I know either we can assign resources either based on Group (Ad Query) or User name,
But since the user will be already authenticated by AD before the Ad query, can we assign resources based on his Ad group and Individual name both at the same time,
Please need your suggestions/Guidance
Regards Sharan Kumar
Within advanced resource assignment, go to the expression. The advanced tab and type:
expr { [mcget {session.ad.last.attr.memberOf}] contains "CN=MY_GROUP, CN=Users, DC=MY_DOMAIN1" && [mcget {session.logon.last.username}] equals "username" }Please replace the username and domain group to the correct values.
Cheers,
Kees
_Mo__2_200892Hi Sharank,
Through F5 APM the user who create a session has session variables and on my opinion you could imagainate the workflow you want and attach the Full Resources Assign by using :
session.logon.last.username and session.ad.last.attr.memberof or if ldap is used, the session variable is: session.ldap.last.attr.memberofRegards.
SharankHi, Thanks for your time
- Stanislas_Piro2
Cumulonimbus
In access policy advanced resource assign, if a user match multiple rules (on for groups and one for username for example) he will have all resources from these rules!
