Forum Discussion

rwagner1
Sep 11, 2017

Need help modifying the following iRule

I received the following iRule which was created to only send a single AD attribute starting with TEST. We have now found that we can send up to 3 AD attributes and would like to edit the iRule to reflect this change.

Currently, if I'm in the following groups TEST123, TEST456 & TEST789, only TEST123 gets sent through. I would like to send all 3.

Here's the script:

    when ACCESS_POLICY_AGENT_EVENT {
        if { [ACCESS::policy agent_id] eq "extract_cn" } {
            set default_group "All Users"
            # short_list is where we will store the abbreviated list of groups
            set short_list [list]
            set groups [ACCESS::session data get session.ad.last.attr.memberOf]
            log local0. "Original groups: $groups"

            foreach some_group [split $groups "|"] {
                log local0. "Evaluating CN: $some_group"

                # take notice of the leading spaces of the CN match..
                switch -glob -- $some_group {
                    " CN=TEST*" {
                        regexp {CN=([^,]+)} $some_group CNFull CNValue
                        log local0. "Adding to short_list: --$some_group"
                        log local0. "FULL: $CNFull  Value:  $CNValue"
                        lappend short_list $CNValue
                        unset CNFull
                        unset CNValue
                    }
                    default {
                        log local0. "No group found.."
                    }
                }
            }
            if { [llength $short_list] == 0 } {
                lappend short_list $default_group
                log local0. "Using default $default_group"
            }
            ACCESS::session data set session.ad.last.attr.shortlist "[lindex $short_list 0]"
            log local0. "ShortList: [ACCESS::session data get session.ad.last.attr.shortlist]"
        }
    }

1 Reply

  • Hi, I think you just need to change the following:

    ACCESS::session data set session.ad.last.attr.shortlist "$short_list"

    Because with the statement

    "[lindex $short_list 0]"

    it considers only the first item appended to "short_list".

    Regards.
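
The group extraction discussed in this thread, as an added example in plain Tcl that is not part of the original posts: it collects the leading CN of each DN, keeps only names starting with TEST, and stops at three. The proc name, the `max_groups` parameter, the "," delimiter and the sample DNs are assumptions made for illustration.

```tcl
# Added example: plain Tcl, runnable in tclsh, using only Tcl 8.4 commands.
# test_group_shortlist, max_groups and the "," delimiter are assumptions,
# not names or values taken from the thread.
proc test_group_shortlist {groups {prefix "TEST"} {max_groups 3}} {
    set short_list [list]
    foreach dn [split $groups "|"] {
        # Trim instead of relying on the leading space the posted glob expects.
        set dn [string trim $dn]
        # Only the leading RDN counts; a later "CN=" component must not match.
        if {![regexp {^CN=([^,]+)} $dn -> cn]} {
            continue
        }
        # Case-sensitive prefix check, like the posted " CN=TEST*" glob.
        if {[string first $prefix $cn] != 0} {
            continue
        }
        # Skip duplicates so the three slots are not spent on one group.
        if {[lsearch -exact $short_list $cn] == -1} {
            lappend short_list $cn
        }
        # Enforce the cap on how many groups are passed on.
        if {[llength $short_list] >= $max_groups} {
            break
        }
    }
    return $short_list
}

# Constructed sample in the "|"-separated shape the posted iRule splits on.
set sample "| CN=TEST123,OU=Groups,DC=example,DC=com | CN=Staff,OU=Groups,DC=example,DC=com | CN=TEST456,OU=Groups,DC=example,DC=com | CN=TEST789,OU=Groups,DC=example,DC=com | CN=TEST000,OU=Groups,DC=example,DC=com |"

set short_list [test_group_shortlist $sample]
if {[llength $short_list] == 0} {
    # Same fallback value as the posted iRule.
    set short_list [list "All Users"]
}
# join writes an explicit delimiter; storing "$short_list" directly keeps
# Tcl list syntax, which wraps names containing spaces in braces.
puts [join $short_list ","]
```

Inside the iRule, the same loop would sit in the `ACCESS_POLICY_AGENT_EVENT` block, with the joined string passed to `ACCESS::session data set session.ad.last.attr.shortlist`. Whether the consumer of that session variable expects a comma or another separator is not stated in the thread.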