Support Center > Search Results > SecureKnowledge Details
Regular Expressions do not work to exclude users from Identity Awareness AD Query
Symptoms
  • Regular Expressions do not work to exclude users from Identity Awareness AD Query:

    • the users are not being ignored/excluded from AD Query
    • administrator is able to use a "string" and exclude specific users when typing their usernames letter for letter
  • Debug on Identity Awareness Gateway ('pdp debug set all all' and 'adlog a debug on') shows that the configured Regular Expression could not be processed by AD Query:

    [ PID ...]@HostName[Date Time] [ADLOG_EVENT_PROCESS(TD::Events)] bool ADLOG::CP_RegExp::setMultiPatterns(const std::vector<std::string, std::allocator<std::string> >&): Adding pattern: <CONFIGURED_REGULAR_EXPRESSION>
    ... ... ...
    [ PID ...]@HostName[Date Time] [ADLOG_EVENT_PROCESS(TD::Surprise)] bool ADLOG::CP_RegExp::compilePatterns(): Error while trying to compile the PM:
    Error: Error while trying to find LSS for pattern. Verify that pattern contains LSSType: 0index: 11pattern: 0
    [ PID ...]@HostName[Date Time] [ADLOG_EVENT_PROCESS(TD::Surprise)] bool ADLOG::EventFilterManager::processFieldConfiguration(const std::string&, const std::vector<std::string, std::allocator<std::string> >&): Patterns failed to complie for field (username)
    [ PID ...]@HostName[Date Time] [ADLOG_EVENT_PROCESS(TD::All)] virtual ADLOG::CP_RegExp::~CP_RegExp(): Entering DTOR ~CP_RegExp
    [ PID ...]@HostName[Date Time] kiss_pm_patterns_destroy: Entered with: kiss_pm_patterns: 0x...
    [ PID ...]@HostName[Date Time] [ADLOG_EVENT_PROCESS(TD::Surprise)] bool ADLOG::EventFilterManager::addRejectedUsers(const std::vector<std::string, std::allocator<std::string> >&): Failed to process rejected users.
    [ PID ...]@HostName[Date Time] [ADLOG_MANAGER(NAC::IS::TD::Surprise)] bool ADLOG::GatheringManager::configureEvents(const std::string&): Error while processing ignored users.
Cause
  1. Configured Regular Expression does not contain a "Longest Simple String" (LSS) within the pattern

  2. Configured Regular Expression contains the following types of characters within the pattern:
    • "\D" - any character that is not a decimal digit
    • "\S" - any character that is not whitespace
    • "\W" - any non-word character (not underscore or alphanumeric)

    These character types are not incorrectly converted to lower case.
    As a result, they "\D", "\W" or "\S" will be interpreted by the Pattern Matcher as "\d", "\w" or "\s", respectively.

Solution
Note: To view this solution you need to Sign In .