I'm trying to do something similar to...
using NOT EXISTS in ADFS claim rules
Imagine I have user accounts as follows:

| cn    | employeeNumber | homeDirectory         |
|-------|----------------|-----------------------|
| Alice | Alice          | \\server\share\314159 |
| Bob   |                | \\server\share\271828 |
I want to issue an immutableID claim such that...
- if employeeNumber value exists, use that
- if employeeNumber does not exist, then issue the last 6 characters from the homeDirectory attribute
Hence, the token would be something like...
| cn    | immutableID |
|-------|-------------|
| Alice | Alice       |
| Bob   | 271828      |
How would I do this?
The claim rule language primer doesn't help for this scenario.
I know I have to add employeeNumber, then test it and, if so, look up the user's homeDirectory, then extract the last 6 digits. I'm fairly sure it's possible, I just don't know how.
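
One way to express the three steps described in the question in the AD FS claim rule language, as an added example that is not part of the original post. The `http://example.test/claims/...` types are hypothetical intermediate claim types, the ImmutableID type URI is assumed to be the one the relying party expects, and the `@RuleName` lines assume the rules are loaded from a rules file rather than typed into the rule editor one at a time.

```adfs
@RuleName = "Example 1: load employeeNumber and homeDirectory from AD"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => add(store = "Active Directory",
        types = ("http://example.test/claims/employeeNumber", "http://example.test/claims/homeDirectory"),
        query = ";employeeNumber,homeDirectory;{0}", param = c.Value);

@RuleName = "Example 2: employeeNumber present, issue it as ImmutableID"
c:[Type == "http://example.test/claims/employeeNumber"]
 => issue(Type = "http://schemas.microsoft.com/LiveID/Federation/2008/05/ImmutableID", Value = c.Value);

@RuleName = "Example 3: employeeNumber absent, issue last 6 characters of homeDirectory"
NOT EXISTS([Type == "http://example.test/claims/employeeNumber"])
 && c:[Type == "http://example.test/claims/homeDirectory", Value =~ ".{6}$"]
 => issue(Type = "http://schemas.microsoft.com/LiveID/Federation/2008/05/ImmutableID",
          Value = RegExReplace(c.Value, "^.*(.{6})$", "$1"));
```

Rule 1 uses `add` rather than `issue`, so the raw attributes stay in the input claim set and are not sent in the token. The `Value =~ ".{6}$"` condition in rule 3 stops a homeDirectory shorter than six characters from being issued unchanged, since `RegExReplace` returns its input as-is when the pattern does not match.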