The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
|
Regular Expressions do not work to exclude users from Identity Awareness AD Query
|
Technical Level
|
| Solution ID |
sk107156 |
| Technical Level |
|
| Product |
Identity Awareness |
| Version |
R75 (EOL), R76 (EOL), R77 (EOL), R77.10 (EOL), R77.20, R77.30 (EOL) |
| OS |
Gaia, SecurePlatform 2.6, IPSO 6.2, Crossbeam XOS |
| Platform / Model |
All |
| Date Created |
02-Aug-2015
|
| Last Modified |
24-Sep-2015
|
Symptoms
Regular Expressions do not work to exclude users from Identity Awareness AD Query:
- the users are not being ignored/excluded from AD Query
- administrator is able to use a "string" and exclude specific users when typing their usernames letter for letter
Debug on Identity Awareness Gateway ('pdp debug set all all' and 'adlog a debug on') shows that the configured Regular Expression could not be processed by AD Query:
[ PID ...]@HostName[Date Time] [ADLOG_EVENT_PROCESS(TD::Events)] bool ADLOG::CP_RegExp::setMultiPatterns(const std::vector<std::string, std::allocator<std::string> >&): Adding pattern: <CONFIGURED_REGULAR_EXPRESSION>
... ... ...
[ PID ...]@HostName[Date Time] [ADLOG_EVENT_PROCESS(TD::Surprise)] bool ADLOG::CP_RegExp::compilePatterns(): Error while trying to compile the PM:
Error: Error while trying to find LSS for pattern. Verify that pattern contains LSSType: 0index: 11pattern: 0
[ PID ...]@HostName[Date Time] [ADLOG_EVENT_PROCESS(TD::Surprise)] bool ADLOG::EventFilterManager::processFieldConfiguration(const std::string&, const std::vector<std::string, std::allocator<std::string> >&): Patterns failed to complie for field (username)
[ PID ...]@HostName[Date Time] [ADLOG_EVENT_PROCESS(TD::All)] virtual ADLOG::CP_RegExp::~CP_RegExp(): Entering DTOR ~CP_RegExp
[ PID ...]@HostName[Date Time] kiss_pm_patterns_destroy: Entered with: kiss_pm_patterns: 0x...
[ PID ...]@HostName[Date Time] [ADLOG_EVENT_PROCESS(TD::Surprise)] bool ADLOG::EventFilterManager::addRejectedUsers(const std::vector<std::string, std::allocator<std::string> >&): Failed to process rejected users.
[ PID ...]@HostName[Date Time] [ADLOG_MANAGER(NAC::IS::TD::Surprise)] bool ADLOG::GatheringManager::configureEvents(const std::string&): Error while processing ignored users.
Cause
- Configured Regular Expression does not contain a "Longest Simple String" (LSS) within the pattern
- Configured Regular Expression contains the following types of characters within the pattern:
- "\D" - any character that is not a decimal digit
- "\S" - any character that is not whitespace
- "\W" - any non-word character (not underscore or alphanumeric)
These character types are not incorrectly converted to lower case.
As a result, they "\D", "\W" or "\S" will be interpreted by the Pattern Matcher as "\d", "\w" or "\s", respectively.
Solution
|
Note: To view this solution you need to
Sign In
.
|
