I'm attempting to assign resources to a user if their user name, retrieved during authentication, exists in a list. I've tried many combinations of the following to no avail:
when ACCESS_POLICY_AGENT_EVENT {
if { [ACCESS::policy agent_id] eq "usercheck" } {
if { [class match [ACCESS::session data get "session.logon.last.username"] equals /Common/dg_userlist1] } {
ACCESS::session data set session.logon.last.usergroup "usergroup1"
}
elseif { [class match [ACCESS::session data get "session.logon.last.username"] equals /Common/dg_userlist2] } {
ACCESS::session data set session.logon.last.usergroup "usergroup2"
}
elseif { [class match [ACCESS::session data get "session.logon.last.username"] equals /Common/dg_userlist3] } {
ACCESS::session data set session.logon.last.usergroup "usergroup3"
}
else {
ACCESS::session data set session.logon.last.usergroup "usergroup4"
}
}
}
If you add the datagroup records as string-value(username-variable), you can use only one datagroup and simplify the iRule by assigning datagroup parameter's value to the variable.
when ACCESS_POLICY_AGENT_EVENT {
if { [ACCESS::policy agent_id] eq "usercheck" } {
if { [class match [ACCESS::session data get "session.logon.last.username"] equals /Common/dg_userlist] } {
ACCESS::session data set session.logon.last.usergroup [class match -value [ACCESS::session data get "session.logon.last.username"] equals /Common/dg_userlist]
}
else {
ACCESS::session data set session.logon.last.usergroup "nondatagroupuser"
}
}
}
