The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
Regular Expressions do not work to exclude users from Identity Awareness AD Query
| Solution ID |
sk107156 |
| Product |
Identity Awareness |
| Version |
R75, R76, R77, R77.10, R77.20, R77.30 |
| OS |
Gaia, SecurePlatform 2.6, IPSO 6.2, Crossbeam XOS |
| Platform / Model |
All |
| Date Created |
02-Aug-2015
|
| Last Modified |
24-Sep-2015
|
Symptoms
Regular Expressions do not work to exclude users from Identity Awareness AD Query:
- the users are not being ignored/excluded from AD Query
- administrator is able to use a "string" and exclude specific users when typing their usernames letter for letter
Debug on Identity Awareness Gateway ('pdp debug set all all' and 'adlog a debug on') shows that the configured Regular Expression could not be processed by AD Query:
[ PID ...]@HostName[Date Time] [ADLOG_EVENT_PROCESS(TD::Events)] bool ADLOG::CP_RegExp::setMultiPatterns(const std::vector<std::string, std::allocator<std::string> >&): Adding pattern: <CONFIGURED_REGULAR_EXPRESSION>
... ... ...
[ PID ...]@HostName[Date Time] [ADLOG_EVENT_PROCESS(TD::Surprise)] bool ADLOG::CP_RegExp::compilePatterns(): Error while trying to compile the PM:
Error: Error while trying to find LSS for pattern. Verify that pattern contains LSSType: 0index: 11pattern: 0
[ PID ...]@HostName[Date Time] [ADLOG_EVENT_PROCESS(TD::Surprise)] bool ADLOG::EventFilterManager::processFieldConfiguration(const std::string&, const std::vector<std::string, std::allocator<std::string> >&): Patterns failed to complie for field (username)
[ PID ...]@HostName[Date Time] [ADLOG_EVENT_PROCESS(TD::All)] virtual ADLOG::CP_RegExp::~CP_RegExp(): Entering DTOR ~CP_RegExp
[ PID ...]@HostName[Date Time] kiss_pm_patterns_destroy: Entered with: kiss_pm_patterns: 0x...
[ PID ...]@HostName[Date Time] [ADLOG_EVENT_PROCESS(TD::Surprise)] bool ADLOG::EventFilterManager::addRejectedUsers(const std::vector<std::string, std::allocator<std::string> >&): Failed to process rejected users.
[ PID ...]@HostName[Date Time] [ADLOG_MANAGER(NAC::IS::TD::Surprise)] bool ADLOG::GatheringManager::configureEvents(const std::string&): Error while processing ignored users.
Cause
- Configured Regular Expression does not contain a "Longest Simple String" (LSS) within the pattern
- Configured Regular Expression contains the following types of characters within the pattern:
- "\D" - any character that is not a decimal digit
- "\S" - any character that is not whitespace
- "\W" - any non-word character (not underscore or alphanumeric)
These character types are not incorrectly converted to lower case.
As a result, they "\D", "\W" or "\S" will be interpreted by the Pattern Matcher as "\d", "\w" or "\s", respectively.
Solution
|
Note: To view this solution you need to
Sign In
.
|
