Separate users by DN for VIP Auth HUB authentication
search cancel

Separate users by DN for VIP Auth HUB authentication

book

Article ID: 391915

calendar_today

Updated On:

Products

VIP Authentication Hub

Issue/Introduction

This KB article offers recommendations for filtering users based on their distinguished name (DN), such as:

c=us,ou=finance,cn=eng
c=us,ou=engineering,cn=eng  

The customer requires an expression similar to:

user_dn eq c=us,ou=engineering,*

or an equivalent approach that effectively selects all users in the engineering department while excluding others. Additionally, the filter must function at any level within the DN hierarchy.

Environment

VIP Authentication(Auth) Hub

Version: 3.3

Resolution

For user_dn = "c=us,ou=engineering,*”. In this case the expression for this requirement is as follows

      "user": {
                        "operator": "in",
                        "value": [
                           "((user_dn EQ c=us*ou=engineering*) OR (user_dn EQ c=us*ou=finance*))"
                        ]
                    }

In the latest released build we don’t support “,” delimiter in the expression values. As a substitute “*” is being used . VIP AuthHub will be enhanced to support comma ',' in the future release.

Powered by Wolken Software