I've connected the IVE appliance to Microsoft Active directory and am retrieving the company attribute to dynamically build file UNC paths e.g
However if the company attribute is blank the user could potentially list the entire main tree level which I need to avoid.
I was hoping to create a file access policy along the lines of
userAttr.company = '' -> then deny as its blank and permit all else.
What appears to happen is that if the attribute is blank it is not retrieved in the LDAP lookup and this above condition is never true.
Aside from flipping the logic on its head and listing every case such as:
userAttr.company = 'CUSTOMER' OR userAttr.company = 'SUPPLIER' etc.....
Is there a simple way to check on a File Access policy is the attribute is blank or not returned at all?
Something along the lines of.....
If Not exists userAttr.company or userAttr.company = BLANK -> Deny