Security

Hey Guy´s,

 

i have created a guest Portal with sponsor confirmation. It works fine. I have a field with Sponsor_email, where the guest hast to write in the mail from the sponsor. In the moment he can write there everthing. Is it possible to only allow there a spezial AD Group? 

 

That means, when the guest writes an email from a user, which is not in this ad group the mail is not send?

 

Regards Stefan

 

 

Why not simply configure LDAP sponsor lookup and then point that config to look only into the group you want?

 

Saves your guests from having to type the email address even.

 

A couple options :
You could setup a static email group (distribution group) and add a nickname and the user won't be able to edit or entirely just hide the field
http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/How-create-a-sponsors-list-on-self-registration-login-on-CP/m-p/194729#M14469

Use LDAP with a restriction to anAD group
http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/LDAP-Lookup-for-Sponsor-Restriction/m-p/161876#M12095

Get Outlook for iOS

Hello Viktor. 

 

I tried it like in the Post you send, but it does not work. When i test my Server i get an ok and also see the right email. When i try to register a guest, i get an error that the sponsor email is not valid. I am not sure if i have to configure under the DO_LDAP_Lookup field. 

 

Regards Stefan

 

 

You should be able to use an LDAP v3 URL which includes an LDAP filter to filter the results of your LDAP query:

 

ldap://host:port/dn?attributes?scope?filter?extensions

 

where filter could be (memberOf=<adgroup>).

 

Check the Managing LDAP Operator Authentication Servers section of the ClearPass Guest user guide.