Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Defining the Sponsor Server in Guest Self-Registrations

This thread has been viewed 3 times

  • 1.  Defining the Sponsor Server in Guest Self-Registrations

    Posted Dec 02, 2016 03:02 PM
    1. I have 2 different Guest Self-Registration entries:  1 for the corporate office and 1 for the remote sites. The corporate office instance uses the sponsor drop-down menu with a hook into Active Directory to populate that field, which is working perfectly.  
    2. However, the one for the remote sites I've run into 2 separate issues:  How can I key in on 1 particular OU to populate the sponsor list?  I don't want the entire corporate list in the drop down...just the users that are in the remote site OU. 
    3. Where in the Guest Self-Registration configuration do I point at that AD server instance that uses that remote site OU?  

            I want this guy: 

    Capture.JPG

            To use this guy:

    Capture.JPG

     



  • 2.  RE: Defining the Sponsor Server in Guest Self-Registrations
    Best Answer

    EMPLOYEE
    Posted Dec 02, 2016 03:10 PM

     

    When you define the server, use the OU you want to restrict to.

     

    For example, this will restrict to users in the "Staff" OU:

    ldap-sponsor-restricted-ou.PNG

     

    To set the server profile, edit the Select2 options in the sponsor_lookup field for the form.

    sponsor-server-definition.PNG



  • 3.  RE: Defining the Sponsor Server in Guest Self-Registrations

    Posted Dec 02, 2016 03:19 PM

    Thank you kindly. 

    Quick question:  in the Select2 Option field you highlighted, does it require the name of the server itself (FQDN), or does it require the name of the Operator Server entry that I created ("AD for MOBs")?



  • 4.  RE: Defining the Sponsor Server in Guest Self-Registrations

    EMPLOYEE
    Posted Dec 02, 2016 03:22 PM
    The name of the server from the name field.


  • 5.  RE: Defining the Sponsor Server in Guest Self-Registrations

    Posted Dec 02, 2016 03:34 PM

    Thank you, Tim.  Looks like I can get it to work if I change the priority from default 50 to 49.  If it shares the same priority as the Corporate AD server entry (50), the Corporate one no longer works and the Remote site AD entry takes over both Corporate and Rremote.  It's never easy :)



  • 6.  RE: Defining the Sponsor Server in Guest Self-Registrations

    Posted Dec 05, 2016 03:31 PM

    Because I have 2 LDAP servers listed (depicted above in previous post), it wants the one with the top priority (lowest number).  If both have a priority of 50, the request goes to the first LDAP server in the list. The #ajax.args.server = LDAP SERVER has no bearing on anything. 

    If I change the Remote Site LDAP server to 49, the Corporate side (and Remote Site side) will use that entry.  It doesn't matter that the #ajax.args.server = Corporate LDAP.  With this type of logic built in, having 2 LDAP servers to accommodate 2 different Guest Self-Registrations is impossible.  



  • 7.  RE: Defining the Sponsor Server in Guest Self-Registrations
    Best Answer

    EMPLOYEE
    Posted Dec 05, 2016 03:35 PM

    Try removing the # sign before ajax.args.server



  • 8.  RE: Defining the Sponsor Server in Guest Self-Registrations

    Posted Dec 05, 2016 03:40 PM

    F&#% me!!!!!  You're the man Tim.  Thank you kindly.