Security

Reply
Occasional Contributor I

Dynamic Comparison in Role Map

I'm looking for a way to compare two dynamic values in a role map. I'd like to compare the first four characters of Host:Name with the first four characters of RADIUS:IETF:Called-Station-Id.

 

Something like "Host:Name begins_with left(%{RADIUS:IETF:Called-Station-ID},4)" would be perfect if an Excel like left() fuction was a thing.

 

Is something like this possible in a role map or do I need to configure/build something else first to make the role map comparison easier?

 

 

Guru Elite

Re: Dynamic Comparison in Role Map

What is the use case here?

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: Dynamic Comparison in Role Map

My company has several locations. We want to identify when a device moves from one location to another. 

Guru Elite

Re: Dynamic Comparison in Role Map

Comparing partial values between two dynamic sources is not possible today.


Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: Dynamic Comparison in Role Map

Do you know if it's possible to create a custom attribute that could be built from %{RADIUS:IETF:Called-Station-ID}? i.e. Taking part of the Called-Station-ID and storing it in Connection:Custom-Attribute?

Guru Elite

Re: Dynamic Comparison in Role Map

Likely possible with lots of custom SQL.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: