Use session.ldap.last.attr.userPrincipalName in an iRule

Question

Hello,&nbsp;
In an iRule, I want to compare the userPrincipalName fetched from LDAP with the DN of an SSL certificate.&nbsp;
I have successfully extracted the email address from the certificate in a variable.  That part is working fine.&nbsp;
Now I'm not able to use the session variable called "session.ldap.last.attr.userPrincipalName" to do my comparison.&nbsp;
I tried this:&nbsp;
set myupn [ACCESS::session data get "session.ldap.last.attr.userPrincipalName"]
  log local0. "UPN VALUE is $myupn"&nbsp;
... but the variable $myupn remains empty.&nbsp;
For the sake of troubleshooting, in the above code, I tried to access session.logon.last.logonname, and in that case it works. &nbsp;
In the list of variables of the access policy, I see that "session.ldap.last.attr.userPrincipalName" is there and populated with the expected value.&nbsp;
How can I access the value of session.ldap.last.attr.userPrincipalName properly?&nbsp;
Thank you in advance.&nbsp;
Best Regards,&nbsp;

stanislas_piro2 · Answer

Hi,
are you sure the userPrincipalName is fetched by the LDAP query?
I recommend to do this check with variable assign instead of irule. 
session.custom.result ==
expr {[mcget {session.ldap.last.attr.userPrincipalName}] == [mcget {session.cert.UPN}]}

this will return 1 if same value, 0 if different.

Forum Discussion

Use session.ldap.last.attr.userPrincipalName in an iRule

Recent Discussions

How to export a list of paired external service providers from APM?

How to Renew F5 Device Certificate

BIG IP LTM - Multiple application on single VIP with multiple ports allowed.

Service discovery is not happening in AS3

Statistics ›› Analytics : HTTP : Overview

Related Content

iRules Style Guide

BIG-IP Next: iRules pool routing

Json parsing with iRules

Re: iRules Editor with Visual Studio Code

Hey ChatGPT, can you write iRules?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS