I'm trying to find out if a user in AD is in a specific security group. I tried using the example in https://www.pingidentity.com/en/blog/2013/07/25/looping_in_ognl.html and changed it to fit my needs:
#admin="",
#groups = #this.get("ds.LDAP.memberOf")!=null?#this.get("ds.LDAP.memberOf").getValues() : {},
#i= 0,
#groups.{
#group = new javax.naming.ldap.LdapName(#groups[#i]),
#cn = #group.getRdn(#group.size() - 1).getValue().toString(),
#admin=#cn.equals("Managers")?true:"",
#i = #i + 1 },
#admin=(#admin!="")?true:""
But my script only returns true when the CN I'm searching for is the first in the list; otherwise it returns empty. I checked, and the length of the groups array is only one item containing all the groups, but the Active Directory is returning all the memberOf values in one line, like CN=Managers,CN=Users,DC=company,DC=com, CN=Finance,CN=Users,DC=company,DC=com, CN=Employees,CN=Users,DC=company,DC=com.
Try the following:
#memberOf=#this.get("ds.LDAP.memberOf").toString(),#idx=#memberOf.indexOf("GROUPNAME"), #result = #idx >= 0 ? "TRUE": "FALSE"
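An added example, not part of the original thread and written in Python rather than PingFederate OGNL: it compares a substring search over memberOf with an exact, case-insensitive match on the leading CN of each DN, which matters when the result drives an authorization decision. The function names and the USER_* lists are constructed for illustration; only single-character backslash escapes are handled.

```python
import re

# Constructed sample data: memberOf values as separate DN strings.
USER_A = ["CN=Managers,CN=Users,DC=company,DC=com",
          "CN=Finance,CN=Users,DC=company,DC=com"]
USER_B = ["CN=Finance,CN=Users,DC=company,DC=com",
          "CN=Managers,CN=Users,DC=company,DC=com"]   # target group is not first
USER_C = ["CN=Assistant Managers,CN=Users,DC=company,DC=com",
          "CN=Employees,OU=Managers,DC=company,DC=com"]  # not in Managers at all


def split_rdns(dn):
    """Split a DN into RDN strings on commas that are not backslash-escaped."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])      # keep the escape pair together
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(buf).lstrip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf).lstrip())
    return rdns


def leading_cn(dn):
    """Return the unescaped value of the first RDN if its type is CN, else None."""
    attr, sep, value = split_rdns(dn)[0].partition("=")
    if not sep or attr.strip().lower() != "cn":
        return None
    return re.sub(r"\\(.)", r"\1", value)


def in_group(member_of, group_cn):
    """True only if some memberOf DN has exactly group_cn as its leading CN."""
    want = group_cn.casefold()           # cn values compare case-insensitively
    return any(cn is not None and cn.casefold() == want
               for cn in map(leading_cn, member_of))


def substring_check(member_of, group_name):
    """Substring search over the joined memberOf text, for comparison."""
    return group_name in ", ".join(member_of)
```

For USER_C the substring search reports membership because "Managers" appears inside another group's CN and inside an OU name, while the exact match does not.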