Can you parse SM_Usergroups to only return just the CN of a group instead of the full DNs of each group..

Back to discussions

Expand all | Collapse all

Can you parse SM_Usergroups to only return just the CN of a group instead of the full DNs of each group..

Jump to Best Answer

1. Can you parse SM_Usergroups to only return just the CN of a group instead of the full DNs of each group..

0 Recommend
Calvin Grier
Posted Aug 03, 2017 02:09 PM

Reply Reply Privately
Can you parse SM_Usergroups to only return just the CN of a group instead of the full DNs of each group..

Ex:

cn=sales,ou=org,o=com
cn=marktering,ou=org,o=com

I just want
cn=Sales
and CN=Marketing

CA SM 12.52 SP1 CR05

Thanks,

Calvin Grier Jr
2. Re: Can you parse SM_Usergroups to only return just the CN of a group instead of the full DNs of each group..

0 Recommend
SungHoon_Kim
Posted Aug 03, 2017 07:31 PM

Reply Reply Privately
Operators - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation
Take a look at :
ENUMERATE Function--Test Set Elements
....
Example 1
Virtual User Attribute #GetCN set to RDN( STRING(%0),FALSE)
ENUMERATE(SM_USERGROUPS, #GetCN)
3. Re: Can you parse SM_Usergroups to only return just the CN of a group instead of the full DNs of each group..
Best Answer

3 Recommend
Legacy User
Posted Aug 03, 2017 07:32 PM

Reply Reply Privately
Yes, we can even eliminate CN=

Create an Expression Response and add the following.

ENUMERATE(SM_USERGROUPS, STRING(RDN(STRING(%0), FALSE)))

RESULT : 'OnlyGroupName=Adminprofile_ABC^Advancefprofile_ABC^Group0^application1-Group-admin'

OTHERWISE : 'AllGRP=cn=Adminprofile_ABC,dc=ca,dc=com^cn=Advancefprofile_ABC,dc=ca,dc=com^cn=Group0,dc=ca,dc=com^cn=application1-Group-admin,dc=ca,dc=com'
4. Re: Can you parse SM_Usergroups to only return just the CN of a group instead of the full DNs of each group..

0 Recommend
Legacy User
Posted Feb 15, 2018 11:30 PM

Reply Reply Privately
Where and how would I write this expression when I am setting up a SAML partnership and how would I add the FMATTR for a multivalued attribute. I need to map the memberOf AD user attribute to a role for a Red Hat EAP SP SAML Adapter
5. Re: Can you parse SM_Usergroups to only return just the CN of a group instead of the full DNs of each group..

0 Recommend
Legacy User
Posted Feb 15, 2018 11:49 PM

Reply Reply Privately
dcollings

Refer https://communities.ca.com/message/242025418-re-send-only-subset-of-the-groups-in-the-saml-assertions?commentID=242025418#comment-242025418

Review this thread.

Symantec Access Management

Can you parse SM_Usergroups to only return just the CN of a group instead of the full DNs of each group..

Calvin GrierAug 03, 2017 02:09 PM

SungHoon_KimAug 03, 2017 07:31 PM

Legacy UserAug 03, 2017 07:32 PMBest Answer

Legacy UserFeb 15, 2018 11:30 PM

Legacy UserFeb 15, 2018 11:49 PM

1. Can you parse SM_Usergroups to only return just the CN of a group instead of the full DNs of each group..

2. Re: Can you parse SM_Usergroups to only return just the CN of a group instead of the full DNs of each group..

ENUMERATE Function--Test Set Elements

3. Re: Can you parse SM_Usergroups to only return just the CN of a group instead of the full DNs of each group.. Best Answer

4. Re: Can you parse SM_Usergroups to only return just the CN of a group instead of the full DNs of each group..

5. Re: Can you parse SM_Usergroups to only return just the CN of a group instead of the full DNs of each group..

3. Re: Can you parse SM_Usergroups to only return just the CN of a group instead of the full DNs of each group..
Best Answer