04-05-2016 08:49 AM
Hi everyone. I am trying to do a role mapping in ClearPass based on a custom attribute defined in a generic LDAP server. I have added the server as an authentication source with type Generic LDAP and have checked the box to fetch attributes for role mapping. I have also added attributes to the source to pull the info I need for the user. The filter queries are working fine (I think), but when I see an authentication come through, there are no authorization attributes coming from the LDAP server (see screenshots below). Can someone point me in the right direction to get the authorization working on a Generic LDAP server? Thanks.
04-05-2016 09:02 AM
Add it as an authorization source to your service instead of an authentication source.
04-05-2016 09:11 AM
Remove it from your authentication list. In access tracker, you'll see it's hitting that source instead of AD.
04-05-2016 09:27 AM
Oh sorry. Misread. I thought you were only using LDAP for authorization.
In access tracker, I see "Adjunct". Is that coming from the MajorAffiliation attribute?
04-05-2016 09:33 AM
This is my role mapping. Currently, faculty and staff live in AD-2012 and students live in IDM. The idea is to apply the role based on the authentication source and the custom attribute called ***majoraffiliation. I have a catchall for IDM mapping the user to the Adjunct role just so I can do CoAs as I test changes.