Forum Discussion
How to keep only the value of "CN" part in session.ldap.last.attr.memberOf
Hi all,
I have been reading around here on DevCentral and I did find some articles, which I tried out, but I can't get this to work. We have an LDAP server which responds with group names, and we only want to keep the value of the first CN. I have followed the article below, but when it runs, all I get is "Rule evaluation failed with error: can't read "Groups": no such variable".
Ref.: https://devcentral.f5.com/questions/how-to-get-group-name-cn-from-sessionadlastattrmemberof-51188
| CN=123456789,ou=customers,ou=Groups,dc=example,dc=com | CN=webapp,ou=applications,ou=Groups,dc=example,dc=com |
In the example above, I only want to keep the value of the first CN (123456789), and save that value to a variable (which in turn I will use in a header for the backend). The CN value is different for each user.
- Stanislas_Piro2
Cumulonimbus
Look at this article:
https://devcentral.f5.com/codeshare/apm-variable-assign-examples-1107
Use this variable assign:
set group_name [split [lindex [mcget {session.ldap.last.attr.memberOf}] 0] ",="]; foreach {name value} $group_name { if {[string trim $name] equals "CN"} { return [string trim $value]; } }
Hi Jim,
If your CN values MAY contain escaped comma signs (aka. \, sequence), then use one of the code snippet(s) below. The snippet(s) will check for those escaped comma signs and take care of them...
Short but difficult to understand snippet:
# "\x01" is an assumed placeholder character; the one used in the original post did not survive.
set group_string [mcget "session.ldap.last.attr.memberOf"] ; if { $group_string contains "\\," } then { return [string map { "\x01" "\\," } [string range [set escaped_group_string [string map { "\\," "\x01" } $group_string]] [expr { [string first "CN=" $escaped_group_string] + 3 }] [expr { [string first "," $escaped_group_string] -1 }]]] ; } else { return [string range $group_string [expr { [string first "CN=" $group_string] + 3 }] [expr { [string first "," $group_string] -1 }]] ; } ;
Long but easy to understand snippet:
# "\x01" is an assumed placeholder character; the one used in the original post did not survive.
set group_string [mcget "session.ldap.last.attr.memberOf"] ;
if { $group_string contains "\\," } then {
    # Hide escaped commas behind the placeholder so they are not taken as RDN separators.
    set escaped_group_string [string map { "\\," "\x01" } $group_string] ;
    set string_start [expr { [string first "CN=" $escaped_group_string] + 3 }] ;
    set string_stop [expr { [string first "," $escaped_group_string] -1 }] ;
    set escaped_result_string [string range $escaped_group_string $string_start $string_stop] ;
    # Put the escaped commas back into the extracted CN value.
    set result_string [string map { "\x01" "\\," } $escaped_result_string] ;
    return $result_string ;
} else {
    set string_start [expr { [string first "CN=" $group_string] + 3 }] ;
    set string_stop [expr { [string first "," $group_string] -1 }] ;
    set result_string [string range $group_string $string_start $string_stop] ;
    return $result_string ;
} ;
Cheers, Kai
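A more general take on the snippets in this thread, as an added example that is not part of any post above: it splits the first DN on unescaped commas only, returns the value of the first CN, and checks that the value is printable ASCII before it is placed in a backend header. It is written for a plain tclsh; the proc names first_cn and header_safe are hypothetical, and inside APM the input would come from mcget as in the posts above.

```tcl
# Added example for plain tclsh (Tcl 8.4 syntax); proc names are hypothetical.
proc first_cn {member_of} {
    # Multi-valued attributes are shown above as "| DN1 | DN2 |": take the first DN.
    set dn ""
    foreach part [split $member_of "|"] {
        set part [string trim $part]
        if {$part ne ""} { set dn $part; break }
    }
    # Split the DN into RDNs on commas, keeping each backslash escape pair intact.
    set rdns [list]
    set cur ""
    set len [string length $dn]
    for {set i 0} {$i < $len} {incr i} {
        set ch [string index $dn $i]
        if {$ch eq "\\" && ($i + 1) < $len} {
            append cur $ch [string index $dn [incr i]]
        } elseif {$ch eq ","} {
            lappend rdns $cur
            set cur ""
        } else {
            append cur $ch
        }
    }
    lappend rdns $cur
    # Return the value of the first RDN whose attribute type is CN (any case).
    foreach rdn $rdns {
        set eq_pos [string first "=" $rdn]
        if {$eq_pos < 0} { continue }
        set type [string trim [string range $rdn 0 [expr {$eq_pos - 1}]]]
        if {[string equal -nocase $type "CN"]} {
            return [string trim [string range $rdn [expr {$eq_pos + 1}] end]]
        }
    }
    return ""
}

proc header_safe {value} {
    # Only non-empty printable ASCII may reach the header; CR/LF and other control characters fail.
    return [expr {[string is ascii -strict $value] && [string is print -strict $value]}]
}

# Constructed sample inputs; the first one is the value quoted in the question.
foreach s [list \
    "| CN=123456789,ou=customers,ou=Groups,dc=example,dc=com | CN=webapp,ou=applications,ou=Groups,dc=example,dc=com |" \
    "CN=Sales\\, EMEA,ou=Groups,dc=example,dc=com" \
    "ou=Groups,dc=example,dc=com"] {
    set cn [first_cn $s]
    puts "cn=<$cn> header_safe=[header_safe $cn]"
}
```

Like the snippets above, first_cn returns the value with its escape sequences still in place. A DN that itself contains a "|" character is not handled.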