
expression in an APM policy

Poseidon1974
Cirrus

Hi, I am a newbie to F5 APM. I would like to know how to add an expression (OR) on APM to check two variables; see the example below:

(&(objectclass=person)(name=%{session.saml.last.nameIDValue}) (here need to  add second variable)   (|(memberOf=CN

Thanks, 

 

2 ACCEPTED SOLUTIONS

whisperer
Cumulonimbus

Two ways to accomplish this. Easiest, and you can add branch logic for additional logging or custom error messages to user, would be cascading expression checks. You want an OR? Have the first expression. Pass - point to macro that permits access. Fail - point to second expression. Second expression. Pass - point to macro that permits access. Fail - error message to user.

Second way is your approach. This is more of an ldapsearch question. You are looking at standard ldapsearch syntax and not something that is F5 proprietary. Please take a look here:

http://www.ldapexplorer.com/en/manual/109010000-ldap-filter-syntax.htm

Test your lookup via ldapsearch, then implement on F5 using the same search filter.

 

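An added example, not part of the original posts and not F5 code: an offline Python check of the OR form of the search filter from the question, handy for confirming the grouping before running it through ldapsearch. It assumes both values are compared against `name`, uses a placeholder group DN and a constructed directory entry, escapes substituted values per RFC 4515, and supports only `&`, `|` and equality tests.

```python
import re

# RFC 4515 escapes for characters that would change the filter's structure.
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

# Constructed sample data: placeholder group DN and one directory entry.
GROUP = "CN=ExampleGroup,DC=example,DC=com"
ENTRY = {"objectclass": ["person"], "name": ["jdoe"], "memberof": [GROUP]}

def escape(value):
    return "".join(_ESC.get(c, c) for c in value)

def build_filter(name_a, name_b, group_dn):
    """person AND (name is A OR name is B) AND member of the group."""
    return ("(&(objectclass=person)"
            f"(|(name={escape(name_a)})(name={escape(name_b)}))"
            f"(memberOf={escape(group_dn)}))")

def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def matches(flt, entry):
    """Evaluate the filter against one entry (keys lowercase, values in lists)."""
    result, pos = _eval(flt, 0, entry)
    if pos != len(flt):
        raise ValueError("trailing text after filter")
    return result

def _eval(flt, i, entry):
    if flt[i] != "(":
        raise ValueError(f"expected '(' at {i}")
    i += 1
    if flt[i] in "&|":
        op, i, results = flt[i], i + 1, []
        while flt[i] == "(":          # each nested component of the AND/OR
            r, i = _eval(flt, i, entry)
            results.append(r)
        value = all(results) if op == "&" else any(results)
    else:
        end = flt.index(")", i)       # escaped values contain no literal ')'
        attr, _, val = flt[i:end].partition("=")
        have = [v.lower() for v in entry.get(attr.lower(), [])]
        # Assumption: case-insensitive equality, as is usual for these attributes.
        value, i = _unescape(val).lower() in have, end
    if flt[i] != ")":
        raise ValueError(f"expected ')' at {i}")
    return value, i + 1
```

Calling `matches(build_filter("nobody", "jdoe", GROUP), ENTRY)` returns `True` because the second branch of the OR matches, while an entry missing the group membership fails the outer AND regardless of the name.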

3 REPLIES 3


Thank you

Hey @Poseidon1974  - I marked the reply from @whisperer as the Accepted Solution. If it didn't actually help you, let me know and I'll change that - but this way other users can more easily find the answer they need. 🙂