Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Sponsor - Pre-populated LDAP drop-down list to specific AD group

This thread has been viewed 2 times

  • 1.  Sponsor - Pre-populated LDAP drop-down list to specific AD group

    Posted Oct 26, 2016 07:15 PM

    Trying to setup a Guest self reg page with sponsor.  For the Sponsor, I want to allow the end user to select from a pre-populated list of a specific names from an existing LDAP/AD Group.

     

    I have the ldap sponsor lookup working that is locked down to a specific ad group with the following custom ldap filter:

     

    (&
    (objectClass=user)
    (objectCategory=person)
    (|
    # Match users in this group
    (memberOf=CN=SponsorGroup,CN=Users,DC=***********,DC=com)
    )
    (|
    # Match users by any of these criteria
    (sAMAccountName=*@SEARCH@*)
    (displayName=*@SEARCH@*)
    (cn=*@SEARCH@*)
    (mail=*@SEARCH@*)
    )

     

    When setting up the sponsor_lookup form field, tried changing "user interface" from multiple-selection-list for searachable lookup, that works flawlessly, to drop-down, leaving the "Enable searching and advanced UI" checked off.  When attempting this, I get a blank drop down list.

     

    Thoughts?



  • 2.  RE: Sponsor - Pre-populated LDAP drop-down list to specific AD group

    Posted Jun 14, 2017 08:59 AM

    Hi,

     

    does anyone have a solution for this? I need more or less the same. 

    I need to have different dropdown lists based on which location the user is coming from. I know how to configure the location aware lists, but I don't know how to make the LDAP query automatically in a dropdown list (without any user interaction)



  • 3.  RE: Sponsor - Pre-populated LDAP drop-down list to specific AD group

    EMPLOYEE
    Posted Jun 14, 2017 09:02 AM
    Why not create different versions of the form for each location and add the appropriate LDAP config to each one?


  • 4.  RE: Sponsor - Pre-populated LDAP drop-down list to specific AD group

    Posted Jun 14, 2017 09:14 AM

    Tim,

    I don't know if you got me right but this is not my problem. My problem is the dropdown field which should have the values of the specific "wireless sponsor" group.



  • 5.  RE: Sponsor - Pre-populated LDAP drop-down list to specific AD group

    EMPLOYEE
    Posted Jun 14, 2017 09:27 AM

    Right, and the LDAP filter is different based on where the user is conencting from right?



  • 6.  RE: Sponsor - Pre-populated LDAP drop-down list to specific AD group

    Posted Jun 14, 2017 09:51 AM

    right. I have multiple operator servers and multiple register pages - one per location. Every operator server (LDAP) includes only the the filter expression based on the sponsor group.

    The form "sponsor lookup" for each location is working fine. But based on the selected user interface (multiple selection list) and the select2 options (default) I have to type at least 2 characters to get any results.

     

    What I try to achieve is to have a dropdown list with all members of the sponsor group which I define in the filter expression. With this solution, no user interaction is necessary - except of clicking the dropdown.
    I know i can configure the email list statically but the sponsors changing very rapidly and I don't want to configure this every second day. :/

     

    Or maybe I got you wrong?



  • 7.  RE: Sponsor - Pre-populated LDAP drop-down list to specific AD group

    Posted Nov 25, 2019 10:04 AM

    I would like to do the same.  Using a AD group the domain team can add and remove users from a specific group on thier end based on rights and employment status and on my end it is a static group so that the only variable is the AD group that is dynamic. Allowing the ClearPass part to be statically set and not needed to be touched again.