Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

How can I use generic LDAP as an authorization source in ClearPass?

  • 1.  How can I use generic LDAP as an authorization source in ClearPass?

    Posted Apr 05, 2016 11:50 AM

    Hi everyone. I am trying to do a role mapping in ClearPass based on a custom attribute defined in a generic LDAP server. I have added the server as an authentication source with type Generic LDAP and have checked the box to fetch attributes for role mapping. I have also added attributes to the source to pull the info I need for the user. The filter queries are working fine (I think), but when I see an authentication come through, there are no authorization attributes coming from the LDAP server (see screenshots below). Can someone point me in the right direction to get the authorization working on a Generic LDAP server? Thanks.



  • 2.  RE: How can I use generic LDAP as an authorization source in ClearPass?

    EMPLOYEE
    Posted Apr 05, 2016 12:02 PM

    Add it as an authorization source to your service instead of an authentication source.



  • 3.  RE: How can I use generic LDAP as an authorization source in ClearPass?

    Posted Apr 05, 2016 12:09 PM

    Thanks, Tim. I have it as an authentication source and an authorization source. See screenshot: SecureService-AuthorizationSources.jpg



  • 4.  RE: How can I use generic LDAP as an authorization source in ClearPass?

    EMPLOYEE
    Posted Apr 05, 2016 12:12 PM

    Remove it from your authentication list. In access tracker, you'll see it's hitting that source instead of AD.



  • 5.  RE: How can I use generic LDAP as an authorization source in ClearPass?

    Posted Apr 05, 2016 12:20 PM

    Still no love. And now the user authentication fails as well since the user account lives only in that generic LDAP database.



  • 6.  RE: How can I use generic LDAP as an authorization source in ClearPass?

    EMPLOYEE
    Posted Apr 05, 2016 12:28 PM

    Oh sorry. Misread. I thought you were only using LDAP for authorization.

     

    In access tracker, I see "Adjunct". Is that coming from the MajorAffiliation attribute?



  • 7.  RE: How can I use generic LDAP as an authorization source in ClearPass?

    Posted Apr 05, 2016 12:33 PM

    This is my role mapping. Currently, faculty and staff live in AD-2012 and students live in IDM. The idea is to apply the role based on the authentication source and the custom attribute called ***majoraffiliation. I have a catchall for IDM mapping the user to the Adjunct role just so I can do CoAs as I test changes.



  • 8.  RE: How can I use generic LDAP as an authorization source in ClearPass?

    Posted Apr 05, 2016 12:34 PM

    SecureService-RoleMapping.jpg



  • 9.  RE: How can I use generic LDAP as an authorization source in ClearPass?

    Posted May 25, 2016 07:27 AM

    When you have it for authentication and authorization again, have you double-checked all spelling and caps? Do other attributes show up?