In this guide we will discuss how to check whether a user is a member of a certain group using an expression.
This can be used during policy evaluation or while sending a response.
- Policy Server : R12.52+
- OS : ANY
- User Directory : ANY
For illustration purposes, we will configure a response that returns true or false depending on whether the user is a member of the group 'HR'.
The expression to use is:
IsHR=<$expr="%SM_USERGROUPS ~CONTAINS 'CN=HR,CN=Users,DC=ad12,DC=lab'"$>
%SM_USERGROUPS returns a list of all the groups to which the user belongs, separated by the character ^,
and ~CONTAINS performs a case-insensitive search.
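The following added example (a Python model, not SiteMinder code and not part of the original guide) lets you check offline whether other group DNs in your directory would also satisfy the expression above. It assumes ~CONTAINS is a case-insensitive substring test over the whole ^-separated string; the function names and sample group lists are constructed for illustration.

```python
# Offline model of the page's group check, used to spot DN collisions.
# ASSUMPTION: ~CONTAINS is a case-insensitive substring test over the whole
# %SM_USERGROUPS string. This is a Python model, not SiteMinder code.

SEPARATOR = "^"  # per the page: group DNs are separated by '^'
HR_DN = "CN=HR,CN=Users,DC=ad12,DC=lab"  # DN used in the page's expression


def contains_ci(user_groups: str, needle: str) -> bool:
    """Model of `%SM_USERGROUPS ~CONTAINS '<needle>'` (assumed substring)."""
    return needle.casefold() in user_groups.casefold()


def is_member_exact(user_groups: str, group_dn: str) -> bool:
    """Stricter check: one whole '^'-separated element must equal the DN."""
    wanted = group_dn.casefold()
    return any(g.strip().casefold() == wanted
               for g in user_groups.split(SEPARATOR) if g.strip())


def find_collisions(all_group_dns, target_dn):
    """Return group DNs that differ from target_dn yet would satisfy the
    substring model, e.g. entries located beneath the target DN."""
    target = target_dn.casefold()
    return [dn for dn in all_group_dns
            if dn.casefold() != target and target in dn.casefold()]


# Constructed sample values (not taken from a real directory).
SAMPLE_MEMBER = ("CN=Staff,CN=Users,DC=ad12,DC=lab"
                 "^cn=hr,cn=users,dc=ad12,dc=lab")
SAMPLE_NESTED = ("CN=Staff,CN=Users,DC=ad12,DC=lab"
                 "^CN=Temps,CN=HR,CN=Users,DC=ad12,DC=lab")
SAMPLE_OTHER = ("CN=Staff,CN=Users,DC=ad12,DC=lab"
                "^CN=HR-Readers,CN=Users,DC=ad12,DC=lab")

if __name__ == "__main__":
    for label, groups in (("member", SAMPLE_MEMBER),
                          ("nested", SAMPLE_NESTED),
                          ("other", SAMPLE_OTHER)):
        print(label, contains_ci(groups, HR_DN), is_member_exact(groups, HR_DN))
    print(find_collisions(SAMPLE_NESTED.split(SEPARATOR), HR_DN))
```

If find_collisions returns anything for an export of your directory's group DNs, confirm how the expression evaluates for a user in one of those groups before relying on it in a policy.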
The full list of other available operations is detailed here :
Testing Result :