Forum Discussion

Nolan_Jensen's avatar
Nolan_Jensen
Icon for Cirrostratus rankCirrostratus
Jan 07, 2021

APM variable assign to trim ad group DN

I have created a variable assign in access policy based on some code I found on this site. This code allowed me to remove the AD distinguished name and just capture the name of the group in a variab...
  • Nolan_Jensen's avatar
    Jan 07, 2021

    I figured this out, so updating incase someone else runs across this.

     

    Since the group name I wanted to send had a bunch of - that made this more complex. So I changed the group name from

    DIV-Test-123456-read-only

    to

    DIV_Test-123456-read-only (to an underscore instead of a - between DIV and Test)

     

    This allowed me to then use this modified code:

    I then added a _ to the Split $found section and change the $grp_fields from 1 to 2

    set mem_fields [split [mcget {session.ad.last.attr.memberOf}] "|"]; foreach mem $mem_fields { if { $mem contains "Test" } { set found $mem } }; set grp_fields [split $found "=_,"]; return [lindex $grp_fields 2];