Layer7 API Management

  • 1.  LDAP Query - Greater Than Less Than - Policy Falsified

    Posted Apr 16, 2020 10:55 AM
    Very simple question.  It seems like whenever I use > or < (greater than or less than) in my LDAP Query, the Policy is Falsified.  Does API Gateway not support > or < in LDAP Queries?


  • 2.  RE: LDAP Query - Greater Than Less Than - Policy Falsified

    Broadcom Employee
    Posted Apr 17, 2020 03:26 PM
    Can you provide more details, i.e. the actual LDAP query you are using and any log entries associated with the failure?

    Thanks!

    JayMac

    ------------------------------
    Jay MacDonald - Adoption Architect - Broadcom API Management (Layer 7)
    ------------------------------



  • 3.  RE: LDAP Query - Greater Than Less Than - Policy Falsified

    Posted Apr 17, 2020 04:49 PM
    I've tried the most basic of LDAP queries: (AuthID>0)

    AuthID is a number, but does that even matter?  Are there types in LDAP?

    I'm fairly new to API Gateway.  I don't actually know how to view/export the logs you are talking about.  Can you elaborate on that?


  • 4.  RE: LDAP Query - Greater Than Less Than - Policy Falsified

    Broadcom Employee
    Posted Apr 17, 2020 08:21 PM
    If you have access to the filesystem, the log is in /opt/SecureSpan/Gateway/node/default/var/logs/ssg_0_0.log. If not, you can access it via the Policy Manager menu: Tasks -> Logging and Auditing -> Manage Log/Audit Sinks.

    Can you copy and paste the assertion here? It is just XML, i.e. in the Policy Manager, select the assertion, Ctrl-C, then Ctrl-V here. It will look similar to this:

    <?xml version="1.0" encoding="UTF-8"?>
    <wsp:Policy xmlns:L7p="http://www.layer7tech.com/ws/policy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
        <wsp:All wsp:Usage="Required">
            <L7p:LDAPQuery>
                <L7p:AttrNames stringArrayValue="included"/>
                <L7p:CacheSize intValue="100"/>
                <L7p:LdapProviderOid goidValue="a15ecf74efd8433bf9c1737dd04bb845"/>
                <L7p:QueryMappings queryAttributeMappings="included"/>
                <L7p:SearchFilter stringValue="(AuthID>0)"/>
                <L7p:SearchFilterInjectionProtected booleanValue="true"/>
            </L7p:LDAPQuery>
        </wsp:All>
    </wsp:Policy>

    ------------------------------
    Jay MacDonald - Adoption Architect - Broadcom API Management (Layer 7)
    ------------------------------



  • 5.  RE: LDAP Query - Greater Than Less Than - Policy Falsified
    Best Answer

    Posted Apr 20, 2020 10:48 AM
    Turns out you can't simply use greater than and less than in LDAP. You can only use greater than or equal to and less than or equal to. Based on this post:

    https://stackoverflow.com/questions/9309726/strict-less-than-operator-in-ldap-search-filter


  • 6.  RE: LDAP Query - Greater Than Less Than - Policy Falsified

    Broadcom Employee
    Posted Apr 20, 2020 02:28 PM
    Right, according to RFC 4515, it is >= or <=. There is no > or < in the syntax. https://tools.ietf.org/html/rfc4515

    ------------------------------
    Jay MacDonald - Adoption Architect - Broadcom API Management (Layer 7)
    ------------------------------
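
An added example, not part of the thread and not Layer7 or Broadcom code: a small Python helper that finds filter items written with a bare > or < and rewrites them using only the operators RFC 4515 defines. The name rewrite_strict is hypothetical, and the helper assumes simple items of the form (attr>value) with special characters in the value already escaped.

```python
import re

# One simple filter item whose operator is a bare > or < (not >= or <=).
# RFC 4515 item operators are =, ~=, >= and <= only.
_STRICT = re.compile(r"\(([A-Za-z0-9][A-Za-z0-9.;-]*)([<>])(?!=)([^()]*)\)")


def rewrite_strict(filter_text):
    """Return (rewritten_filter, number_of_items_rewritten).

    (attr>v) becomes (&(attr>=v)(!(attr=v)))
    (attr<v) becomes (&(attr<=v)(!(attr=v)))
    i.e. the ordering test must hold and the value must not be equal.
    """
    def repl(match):
        attr, op, value = match.group(1), match.group(2), match.group(3)
        # An empty value is not a valid assertion, and a raw '*' would turn
        # the generated equality item into a presence or substring filter.
        if value == "" or "*" in value:
            raise ValueError("cannot rewrite item: " + match.group(0))
        return "(&({a}{o}={v})(!({a}={v})))".format(a=attr, o=op, v=value)

    return _STRICT.subn(repl, filter_text)


if __name__ == "__main__":
    # Constructed sample filters; the first is the one quoted in the thread.
    for sample in ("(AuthID>0)",
                   "(&(objectClass=person)(AuthID<100)(AuthID>=5))"):
        fixed, count = rewrite_strict(sample)
        print(count, sample, "->", fixed)
```
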