We will discuss how to check whether a user is a member of a certain group using an expression.
This can be used during policy evaluation or while sending a response.
Instructions:
For illustration purposes, we will configure a response to return true or false depending on whether the user is a member of the 'HR' group.
The expression that needs to be used is:
IsHR=<$expr="%SM_USERGROUPS ~CONTAINS 'CN=HR,CN=Users,DC=ad12,DC=lab'"$>
Where:
%SM_USERGROUPS returns a list of all the groups to which the user belongs, separated by the ^ character,
and ~CONTAINS performs a case-insensitive search.
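
The following Python sketch is an added example, not SiteMinder code and not part of the original article. It models the check under the assumption (which the article does not confirm) that ~CONTAINS is a substring test over the whole ^-separated string, and compares it with an exact per-element match; all function names and sample group lists are constructed for illustration.

```python
# Added illustration: a Python model of the check, not SiteMinder code.
# Assumption: ~CONTAINS is a case-insensitive substring test over the whole
# ^-separated %SM_USERGROUPS string (the article only says
# "case-insensitive search").

HR_DN = "CN=HR,CN=Users,DC=ad12,DC=lab"  # group DN from the article's expression


def contains_ci(user_groups, needle):
    """Model of ~CONTAINS under the substring assumption."""
    return needle.casefold() in user_groups.casefold()


def split_groups(user_groups):
    """Split the ^-separated list into individual DNs, dropping empty items."""
    return [g.strip() for g in user_groups.split("^") if g.strip()]


def is_member_exact(user_groups, group_dn):
    """Stricter check: the DN must equal one whole list element."""
    wanted = group_dn.casefold()
    return any(g.casefold() == wanted for g in split_groups(user_groups))


# Constructed sample values for %SM_USERGROUPS (not from a real directory).
SAMPLES = {
    "hr_member": "CN=Domain Users,CN=Users,DC=ad12,DC=lab"
                 "^cn=hr,cn=users,dc=ad12,dc=lab",
    "not_member": "CN=Domain Users,CN=Users,DC=ad12,DC=lab"
                  "^CN=Sales,CN=Users,DC=ad12,DC=lab",
    # A different group whose DN ends with the HR DN.
    "nested_dn": "CN=Printers,CN=HR,CN=Users,DC=ad12,DC=lab",
    "no_groups": "",
}


def evaluate(samples=SAMPLES):
    """Return {name: (substring_result, exact_result)} for each sample."""
    return {name: (contains_ci(groups, HR_DN), is_member_exact(groups, HR_DN))
            for name, groups in samples.items()}


if __name__ == "__main__":
    for name, (sub, exact) in evaluate().items():
        print(f"{name:12} substring={sub!s:5} exact={exact}")
```

If the substring assumption holds, the nested_dn sample is the case to test in your own environment before relying on the response value for an access decision.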
The full list of other available operations is detailed here:
Testing Result: