Security

Reply
Occasional Contributor I
Posts: 5
Registered: ‎07-16-2015

Regex syntax in CPPM 6.4

Hi,

 

I'm trying to modify our eduroam configuration to match on two organisation names.

 

Currently I match (e.g.) Full-Username CONTAINS uni-1.edu.au

 

I need to match now on uni-1.edu.au or uni-2.edu.au

 

I've tried things like

MATCHES_REGEX uni-1.edu.au|uni-2.edu.au

 

but it totally fails to match anything.

 

Another complication is I use CONTAINS rather than ENDS_WITH as some smart devices append a space on auto-complete of the username.

 

Can someone provide details of how to do a match for two domains, allowing for trailing spaces?

 

It is a real shame the service rule is so inflexible, and needs to be a match ANY or ALL, and not something like this AND this and either of this OR this.

 

Regards,

Guru Elite
Posts: 7,839
Registered: ‎09-08-2010

Re: Regex syntax in CPPM 6.4

The regex for multiple domains would be:
\b.*(uni-1\.edu\.au|uni-2\.edu\.au)\b

In terms of the space issue, I would not recommend allowing those devices to connect. It will generate help desk calls when they are at another eduroam university and can't connect.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor I
Posts: 5
Registered: ‎07-16-2015

Re: Regex syntax in CPPM 6.4

Hi Tim. That RegEx seems to work. To invalidate the trailing space I'd need a character at the end like a $ to say it must be the end of the line?

 

I'm about to get our service desk to start contacting users with connection errors with obvious typo in their username, like "su" not "au" due to fat fingers, I'll add the trailing space fix to their work.

 

Thanks.

Guru Elite
Posts: 7,839
Registered: ‎09-08-2010

Re: Regex syntax in CPPM 6.4

Yes. You definitely don't want to allow the trailing space to pass auth because they will not be able to authenticate when they leave your campus.


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Regular Contributor I
Posts: 176
Registered: ‎12-17-2008

Re: Regex syntax in CPPM 6.4

 How do you make this case-insensitive? 

And by the way, what is Clearpass's re syntax? Another massive documentation omission last time I had an extensive look.


--
ACMA ACMP
Guru Elite
Posts: 7,839
Registered: ‎09-08-2010

Re: Regex syntax in CPPM 6.4

Add a \i to the end

Sent from Nine

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Regular Contributor I
Posts: 176
Registered: ‎12-17-2008

Re: Regex syntax in CPPM 6.4

already tried it.. doesn't match anything now


--
ACMA ACMP
Occasional Contributor I
Posts: 5
Registered: ‎07-16-2015

Re: Regex syntax in CPPM 6.4

My functioning regex looks like

 

(?i)\b.*(target-1|target-2)\b$

 

if target contains a "." period, use \.

 

Regular Contributor I
Posts: 176
Registered: ‎12-17-2008

Re: Regex syntax in CPPM 6.4

thanks will try it..

 

looks very much like perl re but wish it was stated somewhere.


--
ACMA ACMP
Search Airheads
Showing results for 
Search instead for 
Did you mean: