Forum Discussion

Shane_Hickey_19
Apr 07, 2016

Custom session variable for filtered memberOf AD attribute

Can someone give me a pointer as to the best way to create a custom session variable that returns all AD groups that start with a certain string? I'm not sure if the best way to do it is with an LDAP query or with a TCL expression. We have some particular groups that all start with F5- and I'd like to only return those groups as a session variable.


6 Replies

    • brad_11480

      Yes, perfect...


      set list "|"
      foreach element [split [mcget {session.ad.last.attr.memberOf}] "|"] {
          # keep only groups whose DN contains the string "XYZ"
          if { $element contains "XYZ" } {
              append list "$element|"
          }
      }
      return $list


      Returns all groups that contain the string "XYZ" in an abbreviated list.


  • Why would this be necessary? APM will cache all AD groups in the domain regardless of this filter.
  • You can use a Variable Assign box with an expression like this:

    set list "|"
    foreach element [split [mcget {session.ad./Common/myPolicy_act_active_directory_query_ag.attr.member}] "|"] {
        # keep only groups whose DN contains the string "Adm"
        if { $element contains "Adm" } {
            append list "$element | "
        }
    }
    return $list

    I assigned it to a variable session.custom.myvar. You will need to modify your session variable accordingly but it should work.

  • Sorry, I should have provided more information. We are actually passing these session variables as SAML attributes to another product (zscaler). And, it turns out that you can't have more than 8 groups on that device, so we need a way to filter them down to just the groups that are meaningful to the zscaler configuration.
  • Newbie here, so please excuse me for not understanding.


    Thanks all for this post and answers! Took me a while to find this and it works great for me if I have multiple groups containing "XYZ". However, if I have only one group it appends the pipe in front and back of the single value. I was hoping to just return the single value.


    Any help would be great!


    Thank you
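Added example, not code from any poster in this thread: a Variable Assign expression that answers the original question (only groups starting with F5-) and also avoids the stray pipes around a single value that the last reply ran into. It assumes the groups arrive in session.ad.last.attr.memberOf as a "|"-delimited list of DNs of the form CN=...,OU=..., as in brad_11480's reply, and treats the prefix match as case-insensitive because AD group names are.

```tcl
# Collect matching groups in a Tcl list instead of appending pipes by hand,
# so the separator is only placed between values.
set filtered [list]
foreach element [split [mcget {session.ad.last.attr.memberOf}] "|"] {
    # Assumed DN layout: "CN=F5-Name,OU=...,DC=...". The "F5-*" pattern is
    # anchored to the start of the CN, so "CN=OtherF5-Group" is not matched.
    if { [string match -nocase "CN=F5-*" $element] } {
        lappend filtered $element
    }
}
# join gives "a|b|c" for several groups, "a" for one, and "" for none,
# which keeps the value small before it is passed on as a SAML attribute.
return [join $filtered "|"]
```

Assign the result to a custom variable such as session.custom.f5groups and reference that variable in the SAML attribute mapping; if the consuming product needs a different separator, change the string given to join.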