Super Contributor II

TLS CNs and matching with AD usernames

I have some Role generation rules that assign specific Roles based upon whether a user is in a specific AD group, e.g. "UoY Network Group" role assignment if (Authorization:UoY AD Authentication:memberOf CONTAINS cn=g0790stf,ou=Inst,ou=Groups,ou=UoY,DC=its,DC=york,DC=ac,DC=uk)

When creating EAP-TLS client certificates I set up the CN to be "userid-{4 digit hex number}@york.ac.uk".

This sort of screws up the UoY Network Group Role, as "userid-abcd@york.ac.uk" certainly isn't in that AD group.

Is there any way of using a regex to strip out my userid from the start of the Full-Username and use that when comparing against the contents of an AD group?
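The stripping asked about above, sketched in Python as an added example; it is not part of the original thread and is not ClearPass configuration. It parses the CN strictly and fails closed, so a malformed or look-alike CN never yields a userid for the group check. The userid character set, the function names, the sample CNs and the group members are assumptions.

```python
import re

# CN layout taken from the post: userid-{4 hex digits}@york.ac.uk
# Assumption: a userid is a letter followed by letters/digits, no hyphens.
CN_PATTERN = re.compile(
    r"(?P<userid>[a-z][a-z0-9]{0,31})-(?P<serial>[0-9a-f]{4})@york\.ac\.uk",
    re.IGNORECASE,
)


def userid_from_cn(cn):
    """Return the bare userid to use for the AD group lookup, or None."""
    # fullmatch rejects leading/trailing extras, including a trailing
    # newline that a pattern ending in "$" used with match() would accept.
    m = CN_PATTERN.fullmatch(cn)
    if m is None:
        return None  # fail closed: unknown layout means no userid
    return m.group("userid").lower()


def in_group(cn, group_members):
    """True only if the CN parses and its userid is a listed group member."""
    userid = userid_from_cn(cn)
    return userid is not None and userid in group_members


# Constructed sample data (hypothetical userids and group contents)
GROUP_MEMBERS = {"abc123", "xyz9"}
SAMPLE_CNS = [
    "abc123-0a1f@york.ac.uk",              # expected layout
    "ABC123-0A1F@YORK.AC.UK",              # case differences only
    "abc123@york.ac.uk",                   # no hex suffix
    "abc123-0a1g@york.ac.uk",              # suffix is not hex
    "abc123-0a1f@york.ac.uk.example.net",  # trailing domain appended
    "abc123-0a1f@yorkXac.uk",              # "." must be literal
    "abc123-0a1f@york.ac.uk\n",            # trailing newline
]

if __name__ == "__main__":
    for cn in SAMPLE_CNS:
        print(repr(cn), "->", userid_from_cn(cn), in_group(cn, GROUP_MEMBERS))
```
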

 

Guru Elite

Re: TLS CNs and matching with AD usernames

Is the fully qualified username correct in any part of the certificate?

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480