I am using EAP-TLS for the connection, and all users and devices have a certificate issued by a certificate authority.
How does ClearPass process the Computed Attributes, and why would it leave out the certificate information, especially when EAP-TLS is being used, which requires the certificate?
When I use the following LDAP query, the certificate information shows up under Computed Attributes:
(|(&(objectClass=user)(sAMAccountName=%{Authentication:Username}))(&(objectClass=user)(userPrincipalName=%{Authentication:Username})))
When I change to the following LDAP query, the Certificate information is no longer included in the Computed Attributes and the query fails.
(&(|(&(objectClass=user)(sAMAccountName=%{Authentication:Username}))(&(objectClass=user)(userPrincipalName=%{Authentication:Username})))(|(&(objectClass=computer)(distinguishedName=%{Certificate:Subject-DN}))(&(objectClass=user)(distinguishedName=%{Certificate:Subject-DN}))))
Nothing is changed on the client, only the LDAP query in the Authentication source has changed.
I have manually tested the LDAP query in the ClearPass Authentication Source and it returns a single result with no errors.
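An offline aid for comparing the two filters above, added here as an example and not part of the original post or of ClearPass: it lists the variables each filter template needs, substitutes them with RFC 4515 escaping, and evaluates the result against a single directory entry. The function names, the directory entry and all sample values are constructed assumptions, and the code models only LDAP filter logic, not how ClearPass computes attributes.

```python
import re
VAR = re.compile(r"%\{([^}]+)\}")
# The two filter templates from the post.
USER_ONLY = ("(|(&(objectClass=user)(sAMAccountName=%{Authentication:Username}))"
             "(&(objectClass=user)(userPrincipalName=%{Authentication:Username})))")
USER_AND_DN = ("(&" + USER_ONLY +
               "(|(&(objectClass=computer)(distinguishedName=%{Certificate:Subject-DN}))"
               "(&(objectClass=user)(distinguishedName=%{Certificate:Subject-DN}))))")
# Constructed directory entry (not from the post); keys are lower-cased attribute names.
ENTRY = {"objectclass": ["top", "person", "organizationalPerson", "user"],
         "samaccountname": ["jdoe"], "userprincipalname": ["jdoe@example.test"],
         "distinguishedname": ["CN=John Doe,OU=Staff,DC=example,DC=test"]}

def variables(template):  # distinct %{Namespace:Name} variables the template needs
    return sorted(set(VAR.findall(template)))

def escape(value):
    """RFC 4515 escaping for a value substituted into a filter assertion."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def render(template, attrs):
    """Substitute variables; raise if any variable has no value available."""
    missing = [v for v in variables(template) if v not in attrs]
    if missing:
        raise KeyError("unresolved variables: " + ", ".join(missing))
    return VAR.sub(lambda m: escape(attrs[m.group(1)]), template)

def parse(f, i=0):
    """Parse a filter made of &, | and equality into a tuple tree; returns (node, next_index)."""
    if f[i + 1] in "&|":
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    return ("=", attr.lower(), value), end + 1

def matches(node, entry):
    """Evaluate the tree against ONE entry, using simplified case-insensitive equality."""
    if node[0] in "&|":
        return (all if node[0] == "&" else any)(matches(k, entry) for k in node[1])
    want = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), node[2])
    return any(v.lower() == want.lower() for v in entry.get(node[1], []))

def check(template, attrs, entry=ENTRY):
    """Render the template with attrs and test whether the entry would be returned."""
    return matches(parse(render(template, attrs))[0], entry)
```

`variables(USER_AND_DN)` lists both `Authentication:Username` and `Certificate:Subject-DN`, and `check()` returns True only when one entry satisfies the username branch and its `distinguishedName` equals the supplied Subject-DN.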