Contributor I
Posts: 25
Registered: ‎11-25-2013

Clearpass Guest - LDAP Sponsor Lookup

I've searched through the community and the manuals; however, I'm coming up short on a step-by-step approach to getting the Sponsor Lookup to work. I'm using CPPM 6.3.0.60730.

 

I've configured the LDAP server on Clearpass guest and I'm successfully able to perform lookups and authentications.

After this, I get hung up.

 

I've read sponsor_lookup needs to be added to the guest_register form. However, I'm unable to add any fields to this form. I've been doing a lot of trial and error, but I'm unable to get it to work. Does anyone have a step-by-step doc on how to get this to work? Thanks so much.

 

Aruba
Posts: 1,542
Registered: ‎06-12-2012

Re: Clearpass Guest - LDAP Sponsor Lookup

1. In your Self reg page you will need to edit the field on the registration page.

2. By default it is not in the list. Click Insert After on one of the top fields and select sponsor lookup (pic2 shows it added).

 

sponsor1.png

 

sponsor2.png

 

sponsor3.png

 

sponsor4.png

Thank You,
Troy

Contributor I
Posts: 25
Registered: ‎11-25-2013

Re: Clearpass Guest - LDAP Sponsor Lookup

Troy,

 

Thanks for your quick response!! So it now shows up in the form. However, the lookup seems very spotty and inconsistent, with results returning and then an error stating 'Cannot Search for Users'. Are there any best practices on how to set this up for stability?

 

Thanks again

Contributor I
Posts: 25
Registered: ‎11-25-2013

Re: Clearpass Guest - LDAP Sponsor Lookup

After further testing I think the issue is a bug with clearpass using LDAPS. I found information here.

 

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/ClearPass-Guest-Error-Operator-Login-LDAP-Bind-failed/m-p/133723/highlight/true#M9232

 

Once I switched to regular LDAP, stability regarding the lookup stabilized. Thanks for your help.

MVP
Posts: 371
Registered: ‎01-14-2010

Re: Clearpass Guest - LDAP Sponsor Lookup

Hi Troy,

 

One additional question about the LDAP Sponsored lookup. I'm trying to test out a scenario where the returned email address is different than the default in a Sponsored Guest Login page. I've gone to the following location:

 

CP Guest > Administration > Operator Logins > Servers > "My LDAP server" > Sponsor Lookups > and changed the following:

 

#sponsor_email | userPrincipalName
sponsor_email | mail

 

When I go to Configuration > Guest Self-Registration > "My LDAP Sponsored Lookup" > Go To > I'm able to search for a user, select them as an option, and fire off an email that is addressed to the "mail" attribute in AD.

 

The one slight issue I'm having is with the LDAP Search itself. The search returns my username in the following fashion:

 

Mike Courtney

mcourtney@top.local

 

It looks like the "mcourtney@top.local" is being pulled by the "sponsor_lookup" field from the "userPrincipalName" in AD, not from the "email" attribute. This field looks like it's using the following Ajax routine:

 

ajax.url = NwaLdapSponsorUserSearchAjax

 

Is there a way to change this Ajax field to display a different email address?

 

Thanks for the help!

 

-Mike

Contributor I
Posts: 25
Registered: ‎11-25-2013

Re: Clearpass Guest - LDAP Sponsor Lookup

Hi Mike,

 

If you're specifically talking about what is being displayed to the user when doing the Sponsor Lookup, you need to update the Display Attributes section under CP Guest > Administration > Operator Logins > Servers > "My LDAP server" > User Search >

 

 

I hope this helps.

 

Josh

MVP
Posts: 371
Registered: ‎01-14-2010

Re: Clearpass Guest - LDAP Sponsor Lookup

Hi Josh,

 

That was spot on - thanks for the help!

 

-Mike

Contributor I
Posts: 25
Registered: ‎11-25-2013

Re: Clearpass Guest - LDAP Sponsor Lookup

Glad I could help. I've been tinkering around with LDAP Sponsor Lookup a lot.
