01-Apr-2021 22:36
Hi
I have an LDAP Auth followed by an LDAP Query, and the query is not working. I have a search filter of uniquemember=%{session.ldap.last.attr.dn}
But %{session.ldap.last.attr.dn} is not set.
I put a message box in between the 2 with:
LDAP Auth worked
dn:-%{session.ldap.last.attr.dn}
logonname :- %{session.logon.last.logonname}
dn is not set; in fact, no session.ldap.last.attr.* are set!
02-Apr-2021 04:22
Have you tried adding "dn" as a required attribute under the LDAP Query properties? Alternatively, you can try the "session.ldap.last.attr.memberOf" variable, which works great to identify the group membership.
Below is the expression to check for the group membership:
expr {[string match -nocase {*group_name*} [mcget {session.ldap.last.attr.memberOf}]]}
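Added example, not part of the thread and not F5's own code: the wildcard pattern in the expression above matches any memberOf value that merely contains the group name, so membership of a group such as vpn-users-denied would satisfy a check for vpn-users. The stand-alone Tcl below compares whole group DNs instead; the proc names, the sample DNs and the "| value | value |" layout of a multi-valued session variable are assumptions.

```tcl
# Added example. Assumption: a multi-valued attribute arrives in one session
# variable as a pipe-delimited string, "| value1 | value2 |".

# Constructed sample of what [mcget {session.ldap.last.attr.memberOf}] might hold.
set sample "| CN=vpn-users-denied,OU=Groups,DC=example,DC=com | CN=staff,OU=Groups,DC=example,DC=com |"

# Split the pipe-delimited value into a list of trimmed, non-empty DNs.
# (Hypothetical helper; a DN that itself contains "|" is not handled.)
proc member_dns {raw} {
    set dns {}
    foreach part [split $raw "|"] {
        set dn [string trim $part]
        if {$dn ne ""} {
            lappend dns $dn
        }
    }
    return $dns
}

# Return 1 only when one memberOf value equals the wanted group DN
# (case-insensitive, whole-value comparison), otherwise 0.
proc in_group {raw wanted_dn} {
    foreach dn [member_dns $raw] {
        if {[string equal -nocase $dn $wanted_dn]} {
            return 1
        }
    }
    return 0
}

# Substring check in the style of the thread's expression: succeeds here even
# though the user is only in "vpn-users-denied", not in "vpn-users".
puts "substring match for vpn-users: [string match -nocase {*vpn-users*} $sample]"

# Whole-DN check: the user is not a member of CN=vpn-users.
puts "exact DN match for vpn-users:  [in_group $sample {CN=vpn-users,OU=Groups,DC=example,DC=com}]"

# Whole-DN check is still case-insensitive, so a real membership is found.
puts "exact DN match for staff:      [in_group $sample {cn=staff,ou=groups,dc=example,dc=com}]"
```

Inside an APM branch expression the raw value would come from mcget rather than from a constant.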
06-Apr-2021 00:29
Please try to use the memberOf attribute, as it worked as expected.
"session.ldap.last.attr.dn" works as well, but if the user is part of more than 1 group you would see those populated as session.ldap.last.attr.dn.1 through session.ldap.last.attr.dn.n, and you would have to use some outside-the-box expressions to catch the required membership of the group.