Forum Discussion

AlexS_yb
Apr 02, 2021

ldap auth not setting %{session.ldap.last.attr.dn}

Hi

 

I have an LDAP Auth followed by an LDAP Query, and the query is not working. I have a search filter of uniquemember=%{session.ldap.last.attr.dn}

 

But %{session.ldap.last.attr.dn} is not set

 

I put a message box in between the 2 with

LDAP Auth worked

dn:-%{session.ldap.last.attr.dn}

logonname :- %{session.logon.last.logonname}

 

dn is not set; in fact, no session.ldap.last.attr.* are set!

  • Have you tried adding "dn" to the required attributes under the LDAP Query properties? Alternatively, you can try the "session.ldap.last.attr.memberOf" variable, which works great to identify group membership.

    Below is the expression to check for the group membership -

    expr {[string match -nocase {*group_name*} [mcget {session.ad.last.attr.memberOf}]] }

  • Seems like I have multiple issues going on. My LDAP server is not serving up the memberof attribute.

    • spalande

      Please try to use the memberof attribute, as it worked as expected.

      "session.ldap.last.attr.dn" works as well, but you would see that if the user is part of more than 1 group, those will be populated as session.ldap.last.attr.dn.1 until session.ldap.last.attr.dn.n, and you would have to use some outside-the-box expressions to catch the required membership of the group.

  • Yes, I get that. But memberof is an extension - trying to get it to work, but it's not working out of the box and I think it's causing issues.
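
Added example, not part of the thread or of F5's documentation: the `string match -nocase {*group_name*}` test suggested above is a substring match, so it also succeeds for any other group whose DN merely contains the name. The Tcl below runs in a plain `tclsh` and compares that test with an exact comparison of each memberOf value against the full group DN. The `mcget` stub, the helper procs, the group DNs and the assumption that multiple values arrive joined with `|` are all constructed for illustration.

```tcl
# Stand-in for APM's mcget so the script runs in a plain tclsh.
# The returned value is constructed sample data; it assumes that a
# multi-valued attribute is delivered as one string joined with "|".
proc mcget {name} {
    return "| cn=vpn-users-disabled,ou=groups,dc=example,dc=com | cn=staff,ou=groups,dc=example,dc=com |"
}

# Hypothetical helper: lower-case a DN, trim it, and remove whitespace
# around the commas separating its components so that equal DNs compare equal.
proc normalize_dn {dn} {
    set dn [string tolower [string trim $dn]]
    regsub -all {\s*,\s*} $dn "," dn
    return $dn
}

# Hypothetical helper: return 1 only when one value in the memberOf
# string is exactly the wanted group DN, otherwise 0.
proc in_group {memberOf wanted} {
    set wanted [normalize_dn $wanted]
    foreach value [split $memberOf "|"] {
        set value [normalize_dn $value]
        if {$value ne "" && $value eq $wanted} {
            return 1
        }
    }
    return 0
}

set memberOf [mcget {session.ldap.last.attr.memberOf}]
set wanted   "CN=vpn-users,OU=Groups,DC=example,DC=com"

# Substring test from the thread: true, because "vpn-users" occurs
# inside the DN of the unrelated group vpn-users-disabled.
puts "substring match: [string match -nocase {*vpn-users*} $memberOf]"

# Exact test: false, because the user is not a member of vpn-users itself.
puts "exact DN match:  [in_group $memberOf $wanted]"
```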