Super Contributor II

TLS CNs and matching with AD usernames

I have some Role generation rules that assign specific Roles based upon whether a user is in a specific AD group, e.g. "UoY Network Group" role assignment if (Authorization:UoY AD Authentication:memberOf CONTAINS cn=g0790stf,ou=Inst,ou=Groups,ou=UoY,DC=its,DC=york,DC=ac,DC=uk)


When creating EAP-TLS client certificates I set up the CN to be "userid-{4 digit hex number}".


This sort of screws up the UoY Network Group Role "as" certainly isn't in that AD group.


Is there any way of using a regex to strip out my userid from the start of the Full-Username and use that when comparing against contents of an AD group?


Guru Elite

Re: TLS CNs and matching with AD usernames

Is the fully qualified username correct in any part of the certificate?

Tim Cappalli | Aruba Security
@timcappalli | ACMX #367 / ACCX #480