Forum Discussion
There is another very, very annoying issue concerning the use of %{} in APM elements:
It seems that when using elements like those suggested before
%{session.custom.dnpart0},%{session.custom.dnpart1},%{session.custom.dnpart2}
they get sorted, for I don't know what reason?!?
I want to split the DN and then sort it reverse, so that the most significant part is the element 0 - not the least significant. I want to use that for simply using only X elements of the DN, even if there were more specified. So I can use:
%{session.custom.dnpart2},%{session.custom.dnpart1},%{session.custom.dnpart0}
and simply not use other less significant parts of the DN for searching.
I tried that and had no idea why it was not working. The message was like:
Oct 15 10:52:16 ras1zh info tmm6[10190]: Rule /Common/portal_ras_access-policy : portal_logon_post: entering ...
Oct 15 10:52:16 ras1zh info tmm6[10190]: Rule /Common/portal_ras_access-policy : portal_logon_post: SearchDN: ou=ABX,ou=Kunden,dc=abxsec,dc=com
Oct 15 10:52:16 ras1zh info tmm6[10190]: Rule /Common/portal_ras_access-policy : portal_logon_post: length = 4
Oct 15 10:52:16 ras1zh info tmm6[10190]: Rule /Common/portal_ras_access-policy : portal_logon_post: entering loop ...
Oct 15 10:52:16 ras1zh info tmm6[10190]: Rule /Common/portal_ras_access-policy : portal_logon_post: session.custom.dnpart0: dc=com
Oct 15 10:52:16 ras1zh info tmm6[10190]: Rule /Common/portal_ras_access-policy : portal_logon_post: session.custom.dnpart1: dc=abxsec
Oct 15 10:52:16 ras1zh info tmm6[10190]: Rule /Common/portal_ras_access-policy : portal_logon_post: session.custom.dnpart2: ou=Kunden
Oct 15 10:52:16 ras1zh info tmm6[10190]: Rule /Common/portal_ras_access-policy : portal_logon_post: session.custom.dnpart3: ou=ABX
Oct 15 10:52:16 ras1zh info tmm6[10190]: Rule /Common/portal_ras_access-policy : portal_logon_post: leaving ...
Oct 15 10:52:16 ras1zh err apd[6742]: 01490110:3: dbd1d089: LDAP module: query with 'uid=axfme02' failed: No such object, dn: dc=com,dc=abxsec,ou=Kunden,ou=ABX scope: 2 filter: uid=axfme02 (32)
As you can see above, I log the elements of the DN. And normally the search DN should be correct and not reversed. I thought there was a problem with syncing or something like that. I tried to put in the elements one by one in the search-dn field of the LDAP query, and there the variables are used correctly. I also tried to use no "comma" as separator; instead I used "--" as a separator. And I was really astonished that it substituted the variables correctly.
I was on the right way. I used the following entry in the search DN field:
%{session.custom.dnpart2},%{session.custom.dnpart1},%{session.custom.dnpart0}--
And what happens? It does not get sorted and would work if there were not this f.... "--" at the end:
Oct 15 10:54:09 ras1zh err apd[6742]: 01490110:3: 3fe6dc68: LDAP module: authentication with 'uid=axfme02' failed: No such object, base: ou=ABX,ou=Kunden,dc=abxsec,dc=com -- scope: 2 filter: uid=axfme02 (32)
I'm really disappointed. Why does F5 think that it needs to do such odd things with MY input?? I don't want to somehow sort or escape my variables. I want them to be as they are.
Can somebody help here??
Best regards,
Florian
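
The split, reverse and "use only X elements" steps described in the post, as an added example that is not the poster's iRule or F5 code. It is plain Tcl kept to 8.4 syntax (no lreverse or lassign), and the proc names dn_split, dn_reversed and dn_base are hypothetical. It goes slightly beyond the post by honouring backslash-escaped commas inside an RDN value (RFC 4514), which a plain split on "," would break.

```tcl
# Added example: hypothetical helper procs, plain Tcl 8.4 syntax.

# Split a DN into RDNs on unescaped commas only; a backslash escapes
# the next character and is kept so the RDN stays valid for LDAP.
proc dn_split {dn} {
    set parts {}
    set cur ""
    set esc 0
    foreach ch [split $dn ""] {
        if {$esc} {
            append cur $ch
            set esc 0
        } elseif {$ch eq "\\"} {
            append cur $ch
            set esc 1
        } elseif {$ch eq ","} {
            lappend parts [string trimleft $cur]
            set cur ""
        } else {
            append cur $ch
        }
    }
    lappend parts [string trimleft $cur]
    return $parts
}

# Most-significant-first list, so index 0 is the root component.
proc dn_reversed {dn} {
    set parts [dn_split $dn]
    set out {}
    for {set i [expr {[llength $parts] - 1}]} {$i >= 0} {incr i -1} {
        lappend out [lindex $parts $i]
    }
    return $out
}

# Keep the $count most significant RDNs (the rightmost ones) and join
# them back in normal LDAP order, usable as one search-base string.
proc dn_base {dn count} {
    set parts [dn_split $dn]
    set len [llength $parts]
    if {$count < 1 || $count > $len} { set count $len }
    return [join [lrange $parts [expr {$len - $count}] end] ","]
}

# Constructed inputs: the SearchDN from the log, and one with an escaped comma.
puts [dn_reversed "ou=ABX,ou=Kunden,dc=abxsec,dc=com"]
puts [dn_base "ou=ABX,ou=Kunden,dc=abxsec,dc=com" 3]
puts [dn_base {cn=Doe\, Jane,ou=Kunden,dc=abxsec,dc=com} 3]
```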