Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

validate sponsor email against ldap

  • 1.  validate sponsor email against ldap

    Posted Sep 18, 2014 11:57 AM

    Our guest port is set up to require a sponsor name and email but not require sponsor confirmation. I'd like to make the sponsor email query LDAP to make sure the sponsor email is a valid email within our company and not abc@mydomain.com. Currently we're using isvalidemail validator with the array below just to confirm it's an email in our domain. Any suggestions?

    array (
      'allow' =>
      array (
        0 => 'mydomain.com',
      ),
      'deny' =>
      array (
      ),
    )



  • 2.  RE: validate sponsor email against ldap
    Best Answer

    EMPLOYEE
    Posted Sep 18, 2014 12:00 PM
    Do you have an LDAP server defined in ClearPass Guest?


  • 3.  RE: validate sponsor email against ldap

    Posted Sep 18, 2014 12:11 PM

    i don't currently.



  • 4.  RE: validate sponsor email against ldap
    Best Answer

    Posted Sep 18, 2014 01:28 PM

    Like cappalli mentioned, you need to define your LDAP server and enable LDAP lookup.

     

    2014-09-18 13_26_07-Available Plugins.png

     

    2014-09-18 00_02_10-ClearPass Policy Manager - Aruba Networks.png



  • 5.  RE: validate sponsor email against ldap

    Posted Sep 18, 2014 02:17 PM

    I've set that up.

    Close, but not exactly what I was trying to do. I can set a field as a sponsor lookup field now, but I'm just wanting the user to manually type in an email address and the field to give a warning if it's not a valid email in LDAP. But I don't want to give them a search box or a list of valid emails that can be chosen. Maybe I just need help with creating the form now.



  • 6.  RE: validate sponsor email against ldap

    MVP
    Posted Jul 22, 2015 04:26 PM

    Was there any resolution on this? I'm trying to do the same thing, but with sponsor's name instead of email.

    Is there a way to query AD to see if that user exists, but I don't want them to see a suggested list of users. If that employee doesn't exist, they want to deny access or show error on registration page.



  • 7.  RE: validate sponsor email against ldap

    Posted Jul 23, 2015 03:34 PM

    Nope, never did get it to work. Just left it verifying proper @abc.com and watching for strange emails.



  • 8.  RE: validate sponsor email against ldap

    Posted Nov 10, 2016 06:55 AM

    Hello,

    I have this same problem.

    I need to use the sponsor_email field, and when the user introduces the complete email, check if the email is valid in an LDAP group filter.

    Can you help me?



  • 9.  RE: validate sponsor email against ldap

    Posted Nov 11, 2016 03:00 PM

    We have several items defined under ADMIN -> OPERATOR LOGINS -> SERVERS that are tied into our "Sponsor's Name" field on our guest self reg portal.

     

    We have a custom LDAP filter defined under user search with the following --

     

     

    (&
      (objectClass=user)
      (objectCategory=person)
      (|
        # Match users in any of these groups
        (memberOf=CN=some-group,OU=some-ou,DC=my-org,DC=edu)
      )
      (|
        # Match users by any of these criteria
        (sAMAccountName=*@SEARCH@*)
        (displayName=*@SEARCH@*)
        (cn=*@SEARCH@*)
        (sn=*@SEARCH@*)
        (givenName=*@SEARCH@*)
      )
    )

    This allows users to punch in a few letters of a name and get a list of possible matching sponsors. We have a pretty large group of sponsors, and a lot of our guests are on mobile devices, so we felt that the convenience of only having to punch in 3 letters to get your sponsor outweighed the initial influx of "spam" emails that we received from random users off the street.

    You could add (mail=*@SEARCH@*) to make emails a searchable item. You could remove the * * from each statement to make the exact search input the only thing that returns a result. I think. :)
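
An added example, not part of any post in this thread and not ClearPass code: a Python sketch of the exact-match idea from the last post, combining the domain allow-list from the first post with a filter that has no `*` around `@SEARCH@`. The function names and the sample addresses are hypothetical; the thread does not say whether ClearPass escapes the `@SEARCH@` value itself, so the RFC 4515 escaping is done explicitly here.

```python
import re
from typing import Optional

# Constructed values: the domain and group DN are the placeholders used in the posts above.
ALLOWED_DOMAINS = {"mydomain.com"}
SPONSOR_GROUP_DN = "CN=some-group,OU=some-ou,DC=my-org,DC=edu"

# Exact-match template: no * around @SEARCH@, so only a complete mail value matches
# and the form cannot be used to list sponsors a few letters at a time.
EXACT_TEMPLATE = (
    "(&(objectClass=user)(objectCategory=person)"
    "(memberOf=" + SPONSOR_GROUP_DN + ")(mail=@SEARCH@))"
)

_EMAIL_RE = re.compile(r"^[^@\s]+@([^@\s]+)$")


def escape_filter_value(value: str) -> str:
    """Escape a value for use in an LDAP search filter (RFC 4515)."""
    out = []
    for byte in value.encode("utf-8"):
        ch = chr(byte)
        # \ * ( ) and NUL are filter metacharacters; non-ASCII bytes are hex-escaped too.
        if ch in "\\*()" or byte == 0 or byte > 0x7F:
            out.append("\\%02x" % byte)
        else:
            out.append(ch)
    return "".join(out)


def build_sponsor_filter(email: str) -> Optional[str]:
    """Return an exact-match filter for the typed sponsor email, or None when
    the input is not a single address in an allowed domain."""
    email = email.strip()
    match = _EMAIL_RE.match(email)
    if not match or match.group(1).lower() not in ALLOWED_DOMAINS:
        return None
    return EXACT_TEMPLATE.replace("@SEARCH@", escape_filter_value(email))


if __name__ == "__main__":
    # Constructed inputs: a normal address, a wildcard attempt, a foreign domain.
    for typed in ("jane.doe@mydomain.com", "*@mydomain.com", "abc@other.com"):
        print(typed, "->", build_sponsor_filter(typed))
```

A registration form would run the returned filter against the directory and accept the sponsor only when exactly one entry comes back; a typed `*` is sent as the literal `\2a` and matches nothing.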