User Guide
OmniAccess SafeGuard OS Administration Guide
283
Chapter 6: Configuring Authentication and Role Derivation
To match attribute values, use the match command in rulemap mode:
match class.name rule-op value
Syntax Description class.name Attribute name based on the authentication
type. For detailed lists of attributes by class, see
the following references:
■ AD attributes; see Table 22 on page 283
■ RADIUS attributes; see Table 23 on page 286
■ System attributes; see Table 24 on page 288
■ DHCP attributes; see Table 25 on page 288
■ Text string formats; see Table 26 on page 289
rule-op Each attribute type can support one or more
rule comparator operations depending the
class.name. See the corresponding description
of the attribute to see the supported rule
operations. The comparator operators are
defined as:
■ exists – The attribute exists in the
authentication event
■ equals – The attribute value matches the
user-supplied rule value
■ contains – The attribute value contains the
user-supplied rule value
■ contained-by – The attribute is completely
contained by the rule value
■ less-than – The numeric value is converted
and compared to see if it is less than the
value in the mapping table
■ greater-than – The numeric value is
converted and compared to see if it is more
than the value in the mapping table
■ not – Inverts the match criteria
value Value can have one or more items listed as
entries. Multiple entries are listed and separated
by commas. String values are not case sensitive.
Table 22 AD Attributes
Attribute Description
ad.city Match rule baed on value of ad.city. Supported
operations for this attribute are: contains, equals, exists,
not.