Blue Coat Systems Time Clock Proxy SG Manuale Utente

ProxySG Content Policy Language Guide

74

has_attribute.name=

Tests if the current transaction is authenticated in an LDAP realm and if the authenticated user has the 
specified LDAP attribute. If the attribute specified is not configured in the LDAP schema and 

yes

 is 

used in the expression, the condition always yields false. This trigger is unavailable if the current 
transaction is not authenticated (that is, the 

authenticate

 property is set to 

no

). 

If you reference more than one realm in your policy, consider disambiguating 

has_attribute

 tests by 

combining them with a 

realm=

 test. This reduces the number of extraneous queries to authentication 

services for attribute information that does not pertain to that realm.

This condition is incompatible with Novell eDirectory servers. If the 

 attribute is 

configured in the LDAP schema, then all users are reported by the eDirectory server to 
have the attribute, regardless of whether they actually do. This can cause unpredictable 
results. 

has_attribute.name=yes|no 

where 

 is an LDAP attribute. Case-sensitivity for the attribute name depends on the realm 

definition in configuration.

•

Use  in 

<Admin>

 and 

<Proxy>

 layers.

•

Applies to proxy and administrate transactions.

•

This condition cannot be combined with the 

authenticate( )

or 

socks.authenticate( )

 

properties.

; The following policy allows users to access the proxy if they have the 

; LDAP attribute ProxyUser. The attribute could have any value, even null.

; Generally this kind of policy would be established in the first proxy layer, 

; and would set up either the blacklist or whitelist model, as desired.

<proxy>

authenticate(LDAPRealm)

; Setting up a whitelist model

<proxy>

deny has_attribute.ProxyUser=no

; Setting up a blacklist model

<proxy>

allow has attribute.ProxyUser=yes

deny