04-17-2014 08:50 AM
I have ClearPass Guest up and running, and users can submit registration requests to sponsors. I have customized the registration page to use the sponsor lookup.
The problem I am having is that any use in our active directory can sponsor someone, and I want to limit it to a select group of people. I have created an AD group "WiFi Approvers", and put a few individual users in this group. I then created a translation rule that assigns members of this group the operator profile of "Reception and Front Desk".
If I do a test lookup on my server with a user that is NOT in this group, the lookup is successful, and returns:
'profile_name' => 'Null Profile',
If I do a test lookup on my server with a user that is in this group, the lookup is successful, and returns:
'profile_name' => 'Reception and Front Desk',
So I would think everything is good, but any user can sponsor someone.
When I look in CPPM --> Access Tracker and open
under Authorization Attributes it says
|Authorization:[Guest User Repository]:SponsorName||admin|
and under Computed Attributes it has
Now the sponsor this was sent to is name "test" not "Admin" so there is definately something I am missing.
Can I limit who can sponser based on an AD group?
Solved! Go to Solution.
04-17-2014 12:06 PM - edited 04-17-2014 12:07 PM
Read through the following thread on this topic:
You need to create a custom LDAP filter, it can look something like this:
# Match users in any of these groups
# Match users by any of these criteria
Systems Engineer, Northeast USA
AMFX | ACCX | ACDX | ACMX