Forum Discussion
matm_58717
Nimbostratus
NimbostratusProblems comparing memberof variable
Hi,
We have APM provisioning and trying use a iRule to discard the conection if session.ldap.last.attr.memberOf variable contains a certain value. This is the iRule:
when ACCESS_POLICY_COMPLETED {
set aux 0
if{[ACCESS::session data get "session.ldap.last.attr.memberOf"] contains "TEST" } {
$aux = 1
}
}
when HTTP_REQUEST {
switch -glob [HTTP::uri] {
"/URI_A/*" {
pool /Common/P-URI_A
}
"/URI_B/*" {
pool /Common/P-URI_B
}
"/URI_C/*" {
pool /Common/P-URI_C
}
"/URI_D/*" {
pool /Common/P-URI_D
}
"/URI_E/*" {
if{($aux == 0)}{
discard
}
}
default {
pool /Common/P-URI_DEFAULT
}
}
}
The if{[ACCESS::session data get "session.ldap.last.attr.memberOf"] contains "TEST" } Inside to ACCESS_POLICY_COMPLETED event report this error:
Feb 15 11:37:36 slot3/DEVICENAME err tmm1[30518]: 01220001:3: TCL error: /Common/IRULE_TEST - invalid command name "if{| CN=XXXX,OU=XXXX,OU=XXXX,OU=XXXX,OU=XXXX,DC=XXXX,DC=XXXXX,DC=XXXX | CN=XXX,OU=XXX,OU=XXX,OU=XXX,OU=XXX,DC=XXX,DC=XXX,DC=XXX |We have several doubts:
What event is running before?(HTTP_REQUEST or ACCESS_POLICY_COMPLETED) Why does not the "if" work? by the type of variable?
Thanks!!
1 Reply
JGCumulonimbus
Try this one:
when ACCESS_ACL_ALLOWED { set aux "[ACCESS::session data get session.ldap.last.attr.memberOf]" if { $aux contains "TEST" } { $aux = 1 } else { $aux = 0 } switch -glob [HTTP::uri] { "/URI_A/*" { pool /Common/P-URI_A } "/URI_B/*" { pool /Common/P-URI_B } "/URI_C/*" { pool /Common/P-URI_C } "/URI_D/*" { pool /Common/P-URI_D } "/URI_E/*" { if {($aux == 0)}{ discard } } default { pool /Common/P-URI_DEFAULT } } }
