Security

Reply

Clearpass: memberof contains a space and regex solutions?

All,

 

I'm currently working with a customer that has multiple spaces in their various AD groups. I've tried to match on these groups by putting the whole "CN=" into a pair of quotes, which did not work. I'm now trying to figure this out using regex commands. I've been using the following site to help figure this out:

 

http://rubular.com/

 

I came up with the following regex:

 

\FirstWord\b[\s|\S]*\bSeconWord\b[\s|\S]*\bThirdWord\

 

Which should match a memberof group for a group titled "FirstWord SecondWord ThirdWord" where the spaces in between the words can be white spaces or non-white spaces, or line breaks.

 

I'm trying to get this configuration as tight as possible an didn't want to match three times on the FirstWord, then the SecondWord, and then a final contain match on the ThirdWord.

 

Any help would be appreciated, thanks!

 

-Mike

Re: Clearpass: memberof contains a space and regex solutions?

You should be able to do this without reg exp; what if you will use the "groups" attribute? 

 

The access tracker should contain group memberships for that specific user that logs in under "computed attributes". 

 

You should be able to use EQUALS in your rule against the groups attribute.


ACMX#255 | ACMP | ACCP | AWMP
www.securelink.nl

Re: Clearpass: memberof contains a space and regex solutions?

Arjan,

 

That was spot on! I had no idea that was an available option. I've been trying to do kludgy pattern matching on groups with spaces for a while; this tip is going to become my new go-to method.

 

Thanks, that really helped!

 

-Mike

Aruba

Re: Clearpass: memberof contains a space and regex solutions?


Aarjan_k wrote:

 

You should be able to use EQUALS in your rule against the groups attribute.


When creating your rules for AD group memberships, you should use CONTAINS rather than EQUALS.   The reason is that the memberOf computed attrbutes contains multiple values (see below), therefore the EQUALS will not work as expected.

 

cppm-memberof.png

 

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Re: Clearpass: memberof contains a space and regex solutions?

We're talking here about the "Groups"-attribute, not the "memberOf"-attribute. Groups contains a list of groups the user is member of. You can use EQUALS just like you would with "Tips:Role" where the user/endpoint could have multiple roles.

 

 

For me this is also a bit confusing; but I just tested this again, and the usage of EQUALS actually works fine aginst the Groups-attribute; even if the user is member of multiple groups.


ACMX#255 | ACMP | ACCP | AWMP
www.securelink.nl
Aruba

Re: Clearpass: memberof contains a space and regex solutions?

arjan_k,

 

Yes, I am sorry you are correct.  I was basing my response off of the original post title which included "memberof".  Your method of using Groups and EQUALS will indeed work as well.

 

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: