Custom expressions

You can use the Custom expression field to define a user class based on the values of any SecureTransport user attributes and LDAP attributes, including custom attributes.

The following user attributes are supported:

  • fdxUid – User ID (UNIX-based systems only)
  • fdxGid – Group ID
  • fdxHomeDir – Home folder
  • fdxUserType – User type
  • fdxShell – User shell (UNIX-based systems only)
  • fdxSysUser – Name of a local or domain user of the Windows server whose credentials SecureTransport uses to access the Windows files in the session (Windows only)
  • Any custom SecureTransport user attribute defined in the LDAP domain. See Define attribute mappings for a domain.

The following variables that represent values from the SecureTransport LDAP domain are supported:

  • LDAP_DOMAIN_ID – Internal ID
  • LDAP_DOMAIN_NAME – Value of the Domain Name field
  • LDAP_DN – Value of the Base DN field
  • LDAP_AUTH_BY_EMAIL – Value of the Login by Email field, 0 for Disabled, 1 for Enabled

The following constants are supported:

  • Numeric constants: -5, 100, .5, 1.05, 3.14159D, 6.0221415e23, 214748364, 0xFFECDE5E
  • Character constants: 'a', '\u0061', '\t', '\u0009', '\n', '\b', '\r', '\f', '\\', '\"'  
  • String constants: "Finance", "US", "^.*@finance\.example\.com$"
  • Logical constants: true, false
  • Null constant: null (represents no value, so fdxShell = null is true if fdxShell is not defined)

The following functions are supported:

  • isSet("A") – true if there is a session variable named A
  • memberOf(A, B$collection) – true if A is a member of the multivalued session variable B
  • toInt(A) – converts A to an integer
  • toString(A) – converts A to a string

SecureTransport evaluates the expression based on the following operator precedence from highest to lowest:

  • Logical unary not
  • Arithmetic unary + and -
  • Arithmetic binary *, /, and % (integer remainder)
  • Arithmetic binary + and -
  • String concatenation +
  • Numeric, date and string comparison >, >=, <, <=, and like
  • Logical, numeric, date, and string comparison = and <>
  • Logical and
  • Logical or
  • Conditional expression A ? B : C (which has the value B if A is true or C if A is not true)

Use parentheses to group expressions and override the operator precedence.

SecureTransport dynamically converts numeric expressions to long integers, single-precision real numbers, or double-precision real numbers when it is necessary to evaluate an operator. When an operator requires a logical value, SecureTransport converts any value of a type other than logical to false.

The like operator matches its string left operand against a string right operand that is a Java regular expression. The result is true only if the regular expression matches all of the left operand. The backslash (\) is the escape character in Java regular expressions, so, in a regular expression, use two backslashes (\\) to match a backslash. See the examples.

The following expression checks for virtual users who are in one of three groups:

fdxUserType = "virtual" and (fdxGid = 1200 or fdxGid = 1400 or fdxGid = 1500)

The following expression tests the prefix of the user home directory on a Windows system:

fdxHomeDir like "C:\\home\\users\\finance\\.*"

The following two expressions return the same result, checking the email address against different regular expressions depending on the UID:

fdxUid > 100 and fdxUid <= 200 and fdxEmail like ".*@finance\.example\.com" or (fdxUid <= 100 or fdxUid > 200) and fdxEmail like ".*@hr\.example\.com"

fdxEmail like (fdxUid > 100 and fdxUid <= 200 ? ".*@finance\.example\.com" : ".*@hr\.example\.com")
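
Because a user class decides which users a policy applies to, it helps to test a like pattern against values that should and should not match before saving the expression. The following is an added example, not part of the SecureTransport documentation: it assumes Python's re.fullmatch behaves like the whole-string Java matching described above (true for these simple patterns), and the helper names, the two weak pattern variants and all sample values are constructed for illustration.

```python
import re

def like(value, pattern):
    """Approximate the like operator: true only if the regular expression
    matches ALL of value. Assumption: Python's re stands in for Java regex."""
    return re.fullmatch(pattern, value) is not None

def check_pattern(pattern, should_match, should_not_match):
    """Return (missed, wrongly_admitted) for one pattern."""
    missed = [v for v in should_match if not like(v, pattern)]
    admitted = [v for v in should_not_match if like(v, pattern)]
    return missed, admitted

# Patterns copied from the page (raw strings keep the backslashes as written).
HOME_PREFIX = r"C:\\home\\users\\finance\\.*"
EMAIL_STRICT = r".*@finance\.example\.com"
# Constructed weak variants, for comparison only.
HOME_NO_SUFFIX = r"C:\\home\\users\\finance"   # no trailing .* : exact match only
EMAIL_UNESCAPED = r".*@finance.example.com"    # unescaped '.' matches any character

# Constructed sample attribute values.
HOMES_OK = [r"C:\home\users\finance\alice"]
HOMES_BAD = [
    r"C:\home\users\finance-old\bob",    # sibling folder sharing the name prefix
    r"D:\x\C:\home\users\finance\eve",   # pattern text appears mid-string
    r"C:\home\users\hr\carol",
]
EMAILS_OK = ["alice@finance.example.com"]
EMAILS_BAD = [
    "eve@financeXexample.com",               # differs only where the dot is
    "eve@finance.example.com.example.net",   # extra suffix after the domain
    "eve@hr.example.com",
]

def run_checks():
    """Evaluate every pattern against its sample set."""
    return {
        "home_prefix": check_pattern(HOME_PREFIX, HOMES_OK, HOMES_BAD),
        "home_no_suffix": check_pattern(HOME_NO_SUFFIX, HOMES_OK, HOMES_BAD),
        "email_strict": check_pattern(EMAIL_STRICT, EMAILS_OK, EMAILS_BAD),
        "email_unescaped": check_pattern(EMAIL_UNESCAPED, EMAILS_OK, EMAILS_BAD),
    }

if __name__ == "__main__":
    for name, (missed, admitted) in run_checks().items():
        print(f"{name}: missed={missed} wrongly_admitted={admitted}")
```

The two patterns from the page classify every sample correctly; the variant without the trailing .* misses the intended user, and the variant with unescaped dots admits an address in a different domain.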
