ldap auth not setting %{session.ldap.last.attr.dn}

AlexS_yb · ‎01-Apr-2021

Hi

I have a ldapauth followed by ldap query and the query is not working I have a search filter of uniquemember=%{session.ldap.last.attr.dn}

But %{session.ldap.last.attr.dn} is not set

I put a message box in between the 2 with

LDAP Auth worked

dn:-%{session.ldap.last.attr.dn}

logonname :- %{session.logon.last.logonname}

dn is not set in fact no session.ldap.last.attr.* are set !

SanjayP · ‎02-Apr-2021

Have you tried adding "dn" in required attribute under LDAP query properties? Alternatively, you can try with

"session.ldap.last.attr.memberOf" variable and works great to identify the group membership.

Below is the expression to check for the group membership -

expr {[string match -nocase {*group_name*} [mcget {session.ad.last.attr.memberOf}]] }

AlexS_yb · ‎05-Apr-2021

Seems like I have multiple issues going on. my ldap server is not serving up memberof attribute.

SanjayP · ‎06-Apr-2021

Please try to use memberof attribute as it worked as expected.

"session.ldap.last.attr.dn" works as well but you would see if user is part of more than 1 group those will be populated as session.ldap.last.attr.dn.1 until session.ldap.last.attr.dn.n and you would have to use some outside the box expressions to catch the required membership of the group.

AlexS_yb · ‎06-Apr-2021

yes I get that. but memberof is an extension - trying to get it to work, but its not working out of the box and i think its causing issues

DevCentral

ldap auth not setting %{session.ldap.last.attr.dn}

Khoros Kudos Award 2022