Forum Discussion
ldap auth not setting %{session.ldap.last.attr.dn}
Hi
I have an LDAP Auth followed by an LDAP Query, and the query is not working. I have a search filter of uniquemember=%{session.ldap.last.attr.dn}
But %{session.ldap.last.attr.dn} is not set.
I put a message box in between the 2 with:
LDAP Auth worked
dn:-%{session.ldap.last.attr.dn}
logonname :- %{session.logon.last.logonname}
dn is not set; in fact, no session.ldap.last.attr.* are set!
- spalande
Nacreous
Have you tried adding "dn" in the required attributes under the LDAP query properties? Alternatively, you can try the "session.ldap.last.attr.memberOf" variable, which works great to identify the group membership.
Below is the expression to check for the group membership -
expr {[string match -nocase {*group_name*} [mcget {session.ad.last.attr.memberOf}]] }
- AlexS_yb
Cirrocumulus
Seems like I have multiple issues going on. My LDAP server is not serving up the memberof attribute.
- spalande
Nacreous
Please try to use the memberof attribute, as it worked as expected.
"session.ldap.last.attr.dn" works as well, but if the user is part of more than 1 group, you would see those populated as session.ldap.last.attr.dn.1 through session.ldap.last.attr.dn.n, and you would have to use some outside-the-box expressions to catch the required membership of the group.
- AlexS_yb
Cirrocumulus
Yes, I get that. But memberof is an extension - trying to get it to work, but it's not working out of the box and I think it's causing issues.
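
Added example, not part of any post in this thread and not F5 code: a Python sketch of the reverse group lookup the thread is attempting when the directory does not serve memberof, building the uniquemember filter from the user's DN with RFC 4515 escaping and denying membership when the DN is unset. The group entries, DNs and function names are constructed for illustration, and the directory search is simulated in memory.

```python
# Added example: constructed data; helper names are hypothetical.
GROUPS = {  # constructed groupOfUniqueNames entries: group DN -> uniqueMember values
    "cn=vpn-users,ou=groups,dc=example,dc=com": [
        "uid=alice,ou=people,dc=example,dc=com",
        "uid=bob (ops),ou=people,dc=example,dc=com",
    ],
    "cn=admins,ou=groups,dc=example,dc=com": [
        "uid=alice,ou=people,dc=example,dc=com",
    ],
}

def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a filter assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def group_filter(user_dn):
    """Build the reverse-membership filter; refuse an unset DN."""
    if not user_dn or not user_dn.strip():
        raise ValueError("user DN is not set; not building a group filter")
    return "(uniquemember=%s)" % escape_filter_value(user_dn.strip())

def normalize_dn(dn):
    """Simplified DN comparison key: case-folded, no spaces around ',' or '='."""
    parts = [p.strip() for p in dn.split(",")]
    return ",".join("=".join(s.strip() for s in p.split("=", 1)) for p in parts).lower()

def groups_for(user_dn, groups=GROUPS):
    """Stand-in for the directory search: group DNs listing user_dn as a member."""
    key = normalize_dn(user_dn)
    return sorted(g for g, members in groups.items()
                  if key in {normalize_dn(m) for m in members})

def is_member(user_dn, required_group, groups=GROUPS):
    """Fail closed: an unset DN means no membership, never a broad match."""
    try:
        group_filter(user_dn)
    except ValueError:
        return False
    found = {normalize_dn(g) for g in groups_for(user_dn, groups)}
    return normalize_dn(required_group) in found
```

The DN comparison here splits on commas and ignores escaped separators, so it only stands in for the server's own DN matching.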