Forum Discussion
NimbostratusNeed help modifying the following iRule
I received the following iRule which was created to only send a single AD attribute starting with TEST. We have now found that we can send up to 3 AD attributes and would like to edit the iRule to reflect this change.
Currently, if I'm in the following groups TEST123, TEST456 & TEST789, only TEST123 gets sent through. I would like to send all 3.
Here's the script when ACCESS_POLICY_AGENT_EVENT { if { [ACCESS::policy agent_id] eq "extract_cn" } { set default_group "All Users" short_list is where we will store the abbreviated list of groups set short_list [list] set groups [ACCESS::session data get session.ad.last.attr.memberOf] log local0. "Original groups: $groups"
foreach some_group [split $groups "|"] {
log local0. "Evaluating CN: $some_group"
take notice of the leading spaces of the CN match..
switch -glob -- $some_group {
" CN=TEST*" {
regexp {CN=([^,]+)} $some_group CNFull CNValue
log local0. "Adding to short_list: --$some_group"
log local0. "FULL: $CNFull Value: $CNValue"
lappend short_list $CNValue
unset CNFull;
unset CNValue;
}
default {
log local0. "No group found.."
}
}
}
if { [llength $short_list] == 0 } {
lappend short_list $default_group
log local0. "Using default $default_group"
}
ACCESS::session data set session.ad.last.attr.shortlist "[lindex $short_list 0]"
log local0. "ShortList: [ACCESS::session data get session.ad.last.attr.shortlist]"
} }
1 Reply
cjuniorNacreous
Hi, I think you just need to change the follow:
ACCESS::session data set session.ad.last.attr.shortlist "$short_list"Because when statement
, it considers only the first item in the "short_list" appended."[lindex $ short_list 0]"Regards.
