Forum Discussion

rwagner1
Mar 20, 2018

iRule help needed

I have an iRule that is sending all my groups as a single value when the vendor is requesting separate values. Here's an example of what is being sent and what is required.

Current:

Group 1 Group 2 Group 3

Requesting:

Group 1

Group 2

Group 3

Here's the current iRule I am using.

when ACCESS_POLICY_AGENT_EVENT {
if { [ACCESS::policy agent_id] eq "extract_cn" } {
set default_group "ABC All Users"

# short_list is where we will store the abbreviated list of group names
set short_list [list]
set role_list [list]

set groups [ACCESS::session data get session.ad.last.attr.memberOf]
log local0. "Original groups: $groups"

foreach some_group [split $groups "|"] {
    log local0. "Evaluating CN: $some_group"

    # take notice of the leading spaces of the CN match..
    switch -glob -- $some_group {
        " CN=DEF*" {
            regexp {CN=([^,]+)} $some_group CNFull CNValue
            log local0. "Adding to short_list: --$some_group"
            log local0. "FULL: $CNFull  Value:  $CNValue"
            lappend short_list $CNValue
            unset CNFull;
            unset CNValue;
        }
        " CN=GHI*" {
            regexp {CN=([^,]+)} $some_group CNFull CNValue
            log local0. "Adding to role_list: --$some_group"
            lappend role_list $CNValue
            unset CNFull
            unset CNValue
        }
        default {
            log local0. "No group found.."
        }
    }
}

set last_elem [expr {[llength $short_list] < 3 ? [llength $short_list] : 2 }]
ACCESS::session data set session.ad.last.attr.shortlist "[lrange $short_list 0 $last_elem]"
log local0. "short_list: [ACCESS::session data get session.ad.last.attr.shortlist]"

if { [llength $role_list] == 0 } {
    lappend role_list "none"
}

set last_elem [expr {[llength $role_list] < 3 ? [llength $role_list] : 2 }]
ACCESS::session data set session.ad.last.attr.rolelist "[lrange $role_list 0 $last_elem]"
log local0. "role_list: [ACCESS::session data get session.ad.last.attr.rolelist]"

ACCESS::session data set session.ad.last.attr.defaultgroup $default_group 
log local0. "default_group: [ACCESS::session data get session.ad.last.attr.defaultgroup]"

} }
