01-Jun-2016 07:01 - last edited on 05-Jun-2023 16:05 by JimmyPackets
I have a policy that issues an LDAP query after a user is authenticated. The query retrieves back all the "memberOf" attributes from AD. When I look at the session variables in F5, I can see all of my data, which looks something like this:
`be92fd82.session.ad./Common/cool-access-policy_act_active_directory_query_ag.attr.memberOf`
| CN=Cool_Administrators,OU=COOL Users,OU=Users,OU=UCOP,DC=COOLS,DC=Net | CN=Domain Users,CN=Users,DC=COOLS,DC=Net | CN=MAINS Users,OU=App-Groups,OU=MAINS,OU=Bus,OU=Ent,DC=COOLS,DC=Net | CN=Users,CN=Builtin,DC=COOLS,DC=Net |
I want to loop through these values in an iRule, after the query is successful, and insert them into the header, but only the CN values.
I know I can insert the headers like this:
```
when HTTP_REQUEST {
    HTTP::header replace username "coolio"
    HTTP::header replace roles "Cool_Administrators,Domain Users,MAINS Users"
    HTTP::header replace domain "COOLS"
}
```
But I do not know how to loop through and split the array into CN values.
01-Jun-2016 08:15
You can use 'tclsh' on the BIG-IP to test such things.
```
[root@josiah-lab-ve:Active:Standalone] config tclsh
% set s {| CN=Cool_Administrators,OU=COOL Users,OU=Users,OU=UCOP,DC=COOLS,DC=Net | CN=Domain Users,CN=Users,DC=COOLS,DC=Net | CN=MAINS Users,OU=App-Groups,OU=MAINS,OU=Bus,OU=Ent,DC=COOLS,DC=Net | CN=Users,CN=Builtin,DC=COOLS,DC=Net |}
| CN=Cool_Administrators,OU=COOL Users,OU=Users,OU=UCOP,DC=COOLS,DC=Net | CN=Domain Users,CN=Users,DC=COOLS,DC=Net | CN=MAINS Users,OU=App-Groups,OU=MAINS,OU=Bus,OU=Ent,DC=COOLS,DC=Net | CN=Users,CN=Builtin,DC=COOLS,DC=Net |
% set matched [split [string map [list {| CN=} \0] $s] \0]
{} {Cool_Administrators,OU=COOL Users,OU=Users,OU=UCOP,DC=COOLS,DC=Net } {Domain Users,CN=Users,DC=COOLS,DC=Net } {MAINS Users,OU=App-Groups,OU=MAINS,OU=Bus,OU=Ent,DC=COOLS,DC=Net } {Users,CN=Builtin,DC=COOLS,DC=Net |}
% foreach match $matched { if { $match != "" } { puts [string range $match 0 [expr [string first , $match] - 1]] } }
Cool_Administrators
Domain Users
MAINS Users
Users
```
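
An added example, not part of the original thread: the same extraction wrapped in a proc that returns the comma-joined value for the `roles` header and drops any group name that would be ambiguous or unsafe inside that header. The proc name `cn_roles`, the allowed character set, the extra sample DN, and the iRule event and session variable named in the trailing comment are assumptions.

```tcl
# Added example (not from the thread). Tcl 8.4-compatible, so it runs in tclsh on the BIG-IP.
# cn_roles: return the leading CN of each DN in an APM memberOf string,
# joined with commas for use as a header value.
proc cn_roles {member_of} {
    set roles [list]
    # Each DN starts after a pipe; capture only its first RDN when that is a CN.
    # The capture runs to the first unescaped comma, so an escaped comma in a
    # group name stays inside the captured name instead of truncating it.
    foreach {full cn} [regexp -all -inline {\|\s*CN=((?:\\.|[^,\\|])+)} $member_of] {
        set cn [string trim $cn]
        # Assumption: the backend splits the roles header on commas, so a name
        # containing a comma, backslash, CR/LF or any other unexpected character
        # is dropped rather than escaped.
        if {![regexp {^[A-Za-z0-9 _.-]+$} $cn]} { continue }
        # Skip duplicates so each role appears once.
        if {[lsearch -exact $roles $cn] < 0} { lappend roles $cn }
    }
    return [join $roles ,]
}

# Constructed sample: the value from the question, plus one constructed DN
# whose CN contains an escaped comma (it is filtered out by cn_roles).
set sample {| CN=Cool_Administrators,OU=COOL Users,OU=Users,OU=UCOP,DC=COOLS,DC=Net | CN=Domain Users,CN=Users,DC=COOLS,DC=Net | CN=MAINS Users,OU=App-Groups,OU=MAINS,OU=Bus,OU=Ent,DC=COOLS,DC=Net | CN=Users,CN=Builtin,DC=COOLS,DC=Net |}
append sample { CN=Ops\, EU,OU=App-Groups,DC=COOLS,DC=Net |}
puts [cn_roles $sample]

# Sketch of use in an iRule (event and session variable name are assumptions;
# adjust to the access policy in use). Removing the header first matters
# because a client can send its own "roles" header:
# when ACCESS_ACL_ALLOWED {
#     HTTP::header remove roles
#     HTTP::header insert roles [call cn_roles [ACCESS::session data get "session.ad.last.attr.memberOf"]]
# }
```

Because the backend trusts this header for authorization, it should accept it only on connections that come from the BIG-IP.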