matm_58717
Feb 15, 2017Nimbostratus
Problems comparing memberof variable
Hi,
We have APM provisioning and trying use a iRule to discard the conection if session.ldap.last.attr.memberOf variable contains a certain value. This is the iRule:
when ACCESS_POLICY_COMPLETED {
set aux 0
if{[ACCESS::session data get "session.ldap.last.attr.memberOf"] contains "TEST" } {
$aux = 1
}
}
when HTTP_REQUEST {
switch -glob [HTTP::uri] {
"/URI_A/*" {
pool /Common/P-URI_A
}
"/URI_B/*" {
pool /Common/P-URI_B
}
"/URI_C/*" {
pool /Common/P-URI_C
}
"/URI_D/*" {
pool /Common/P-URI_D
}
"/URI_E/*" {
if{($aux == 0)}{
discard
}
}
default {
pool /Common/P-URI_DEFAULT
}
}
}
The if{[ACCESS::session data get "session.ldap.last.attr.memberOf"] contains "TEST" } Inside to ACCESS_POLICY_COMPLETED event report this error:
Feb 15 11:37:36 slot3/DEVICENAME err tmm1[30518]: 01220001:3: TCL error: /Common/IRULE_TEST - invalid command name "if{| CN=XXXX,OU=XXXX,OU=XXXX,OU=XXXX,OU=XXXX,DC=XXXX,DC=XXXXX,DC=XXXX | CN=XXX,OU=XXX,OU=XXX,OU=XXX,OU=XXX,DC=XXX,DC=XXX,DC=XXX |
We have several doubts:
What event is running before?(HTTP_REQUEST or ACCESS_POLICY_COMPLETED) Why does not the "if" work? by the type of variable?
Thanks!!