Security

Reply
Frequent Contributor I
Posts: 84
Registered: ‎01-27-2016

Guest - Sponsorship Confirmation - LDAP

For Self-Registration with Sponsorship confirmation, you have the option to use LDAP to get a list of Sponsors as defined in the operator login servers. This works fine for a single list.

 

Is it possible to define multiple servers (thus multiple AD groups) so the guest can choose what location they are in? If an organization has multiple facilities, we would like to narrow the list so the guest cannot pick someone from a different office as well as give them less choices.

 

Only solution I can think of is multiple Self-Registration pages which are called based on the location the guest user is connecting. I could also define several Operator Servers that match each location.

 

I am not sure how I would specify which Operator Server to use on the Self Registration Page (Sponsorship Confirmation). It seems to be locked into a single, non-adjustable, operator server. 

 

Any suggestions?

 

Thanks! 

Frequent Contributor I
Posts: 84
Registered: ‎01-27-2016

Re: Guest - Sponsorship Confirmation - LDAP

Correction, I beleive the edit would be made in the Forms and Views - Sponsor_Lookup field. User Interface - Multiple Selection List. I guess I would want multiple User Interfaces for more than one Multiple Selection List.... Or at least be able to customize which Operator Server is used and create multiple self-registration pages. 

Aruba Employee
Posts: 35
Registered: ‎09-23-2013

Re: Guest - Sponsorship Confirmation - LDAP

How about if you create a single splash page, which redirects to different guest self-reg pages, which are all uniquely configured with their  own LDAP sponsor lookup based on APGROUPS?

 

For example, create a new web page:

CPGuest > Config > Pages > Create New > call it splash.php

 

Try some APGROUP logic:

{if $apgroup == "SJ"}
<!-- redirect to san jose page here -->
{elseif $apgroup == "SF"}
<!-- redirect to san francisco page here -->
{else}
<!-- redirect to catch-all city page here -->
{/if}

And use the redirect code:

<meta http-equiv="refresh" content="0;url=CHANGE_THIS_PAGE_RESPECTIVELY.php"/>

See also: https://arubapedia.arubanetworks.com/afp/index.php/ClearPass_Guest_HTML_Cheatsheet#Dynamic_images_or_defining_custom_variables_for_APGROUPS

 

Frequent Contributor I
Posts: 84
Registered: ‎01-27-2016

Re: Guest - Sponsorship Confirmation - LDAP

Thats a great thought! 

 

I had found that I can embed multiple Sponsor-Lookup fields on the same guest page if I duplicate and add more Sponsor-lookup's. If I edit the base field for each of these duplicates, I see that there is a "Select2 Options:" in which has a value "#ajax.args.server = <Name of server from Administration » Operator Logins » Servers>" - I think I can remove the comment and enter the unique Operator Login server that is specifically configured for the right location. Now each field will have the proper list of sponsors based on what site they select on the page. 

 

I however have had little time to test that out!

 

I think either your solution or mine will work, I just need to find the time to test them!

 

Thanks 

Aruba Employee
Posts: 98
Registered: ‎03-15-2011

Re: Guest - Sponsorship Confirmation - LDAP

That is your solution.  Duplicate the self-reg keeping one as the Parent.  Note that even though the comment says to use the name of the server, I would try and get the ID of it.  The edit page will have the ID up in the URL bar.

Search Airheads
Showing results for 
Search instead for 
Did you mean: