cancel
Showing results for 
Search instead for 
Did you mean: 

ldap auth not setting %{session.ldap.last.attr.dn}

AlexS_yb
Cirrostratus
Cirrostratus

Hi

 

I have a ldapauth followed by ldap query and the query is not working I have a search filter of uniquemember=%{session.ldap.last.attr.dn}

 

But %{session.ldap.last.attr.dn} is not set

 

I put a message box in between the 2 with

LDAP Auth worked

dn:-%{session.ldap.last.attr.dn}

logonname :- %{session.logon.last.logonname}

 

dn is not set in fact no session.ldap.last.attr.* are set !

 

 

 

4 REPLIES 4

SanjayP
MVP
MVP

Have you tried adding "dn" in required attribute under LDAP query properties? Alternatively, you can try with

"session.ldap.last.attr.memberOf" variable and works great to identify the group membership.

 

Below is the expression to check for the group membership -

expr {[string match -nocase {*group_name*} [mcget {session.ad.last.attr.memberOf}]] }

AlexS_yb
Cirrostratus
Cirrostratus

Seems like I have multiple issues going on. my ldap server is not serving up memberof attribute.

 

Please try to use memberof attribute as it worked as expected.

"session.ldap.last.attr.dn" works as well but you would see if user is part of more than 1 group those will be populated as session.ldap.last.attr.dn.1 until session.ldap.last.attr.dn.n and you would have to use some outside the box expressions to catch the required membership of the group.

AlexS_yb
Cirrostratus
Cirrostratus

yes I get that. but memberof is an extension - trying to get it to work, but its not working out of the box and i think its causing issues