LDAP Group Resource Assign - not working - APM 11.6 HF6

Question

I have a portal access policy that allows the user to authenticate into the portal but when the LDAP Group Resource Assign assigns the Group (LDAP Room 999999)  the user receives "denied by access policy".  The user is actually in a LDAP room versus a LDAP Group so my syntax may be incorrect.&nbsp;
This is what i have configured to use to try to use LDAP Group/Room:
expr { [mcget {session.ldap.last.attr.roomNumber}] contains  [mcget {session.aa.room}] }&nbsp;
It may be that LDAP rooms are not the same as LDAP Groups or i believe TAC was telling me to change the expression but not sure how to do that.&nbsp;
Any ideas are greatly appreciated.&nbsp;

josiah_39459 · Answer

I would suggest using the sessiondump command or viewing the session report to make sure those variables are being set the way you expect.  There is nothing wrong with the TCL expression you have written, so you need to verify those variables contain the values you expect them to.

Forum Discussion

LDAP Group Resource Assign - not working - APM 11.6 HF6

1 Reply

Recent Discussions

F5 terminal - help to run commands - disk space full

vulnerabilities-CVE-2020-16150 & CVE-2013-0169

google autenticator broken barcode

Error while running ansible

ASM instance creation

Related Content

DevCentral Resources

Mitigating OWASP API Security Risk: Mass Assignment using F5 XC Platform

F5 Resources for COVID-19

SSO Resource Assignment

APM Webtop didn't appear in the Advanced resource assignment agent in trial VM V17.1.0