For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Rosieodonell's avatar
Rosieodonell
Icon for Cirrus rankCirrus
Mar 23, 2020

Search for a certain string or value in a session variable, modify it, and create a new session variable

I need to create a certain variable from some information i pull from someone's AD group. I am basically query AD for a users "memberOf" and this is what i get:

 

| CN=__P-GBL-Software-ComputerName3-Extranet-ExternalAccess,OU=Container,OU=Groups,OU=Acct_ABC,DC=company,DC=com | CN=Code Committee,OU=Distribution Groups,OU=Groups,OU=Acct_ABC,DC=company,DC=ccom | CN=__A-GBL-Dept-Switch-FULL,OU=Admins,OU=Acct_ABC,DC=company,DC=com | CN=__ABC Staff Lotto (Restricted),OU=Distribution Groups,OU=Groups,OU=Acct_ABC,DC=company,DC=com | CN=__P-GBL-Pix-Loc-Special,OU=Software,OU=Groups,OU=Acct_ABC,DC=company,DC=com | CN=__P-GBL-Pix-Role-Telehealth,OU=Software,OU=Groups,OU=Acct_ABC,DC=company,DC=com | CN=__P-GBL-Pix-Loc-House Home Health,OU=Software,OU=Groups,OU=Acct_ABC,DC=company,DC=com | CN=Talking Email,OU=Distribution Groups,OU=Groups,OU=Acct_ABC,DC=company,DC=com | CN=ABC-MS-O365-E3-Reporting,OU=Azure,OU=Groups,OU=Acct_ABC,DC=company,DC=com | CN=__P-GBL-F5-Test,OU=Groups,OU=Acct_ABC,DC=company,DC=com |

 

I need to pull the computer name from this long list and this value can be dynamic and the number "3" could be single digit or two digits like a "12". The value "Container" is unique and i think i can start here. I was hoping to find the string that contained "Container", then separate the vlues by "-" and from "-" take the values behind it.

 

Example, first find the first string using "Container":

 

CN=__P-GBL-Software-ComputerName3-Extranet-ExternalAccess,OU=Container,OU=Groups,OU=Acct_ABC,DC=company,DC=com

 

Next separate by "-":

 

CN=__P-GBL

Software

ComputerName3

Extranet

ExternalAccess,OU=Container,OU=Groups,OU=Acct_ABC,DC=company,DC=com

 

And create a variable using ComputerName3. I have looked the different "Split" and "lindex" commands but it can be a little confusing. Any help?

application delivery
iRules
LTM
variable

3 Replies

  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    May 01, 2020

    this should work, use it in a variable assign to whatever session variable you want.

    set mem_fields [split [mcget {session.ad.last.attr.memberOf}] "|"]; foreach mem $mem_fields { if { $mem contains "Container" } { set found $mem } }; set grp_fields [split $found "-"]; return [lindex $grp_fields 2];

    if not please check apm log for error or what result you do get.

  • Rosieodonell's avatar
    Rosieodonell
    Icon for Cirrus rankCirrus
    May 01, 2020

    ​I am so sorry I turned out to be on of those people I hate. I asked a question, figured it out, but didn't update the web source to help others....

     

    I ended going with the following code:

     

    expr { [lindex [regexp -inline {.*-(.*)-Extranet-ExternalAccess.*} [mcget session.ad.last.attr.memberOf]] 1] }

    and this fixed my needs. thanks for the help!

    • boneyard's avatar
      boneyard
      Icon for MVP rankMVP
      May 03, 2020

      totally no worries, i had some fun while trying to come up with a solution. yours is way more elegant. although i have always learned to be careful with regexp in such cases due to load. is this working in a high usage environment or pretty small usergroup.