Complex AD Query

Question

I've seen THIS THREAD and although helpful in understanding the syntax, it did not help for my specific situation,

We have an IdP that authenticates users via their uid. As such, I've configured the searchFilter as uid=%{session.logon.last.username} and this is currently working well. However, I'm trying give the end user the flexibility of entering either sAMAccountName || email || uid. I'm looking for something similar to this logic:

get details of user where %{session.logon.last.username} matches sAMAcccountName || email || uid
send uid of matched user to RADIUS

If this is doable, how?

dario_garrido · Answer

Hello ak2766.
Have you tested with this sentence in your searchFilter field?
&nbsp;
(|(uid=%{session.logon.last.username})(email=%{session.logon.last.username})(sAMAccountName=%{session.logon.last.username}))
&nbsp;
Also, my recommendation is to use&nbsp;ldapsearch command to check if the query is getting all that you need and after that, translate it to the LDAP/AD query.
&nbsp;

Forum Discussion

Complex AD Query

1 Reply

Recent Discussions

F5Access | MacOS Sonoma

Rewrite uri translation not working

Chrome V 124+ on MacOS - Virtual Server Access Issue

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Minimizing Security Complexity: Managing Distributed WAF Policies

Adaptive Apps: Identify underlying issues in a complex app portfolio - Demo Kit

SSL Orchestrator Advanced Use Cases: Reducing Complexity

Pool downtime query

iRule Processing query