New Contributor

validate sponsor email against ldap

Our guest port is set up to require a sponsor name and email but not require sponsor confirmation. I'd like to make the sponsor email query LDAP to make sure the sponsor email is a valid email within our company and not abc@mydomain.com. Currently we're using the isvalidemail validator with the array below just to confirm it's an email in our domain. Any suggestions?

 

 

array (
  'allow' =>
  array (
    0 => 'mydomain.com',
  ),
  'deny' =>
  array (
  ),
)

Guru Elite

Re: validate sponsor email against ldap

Do you have an LDAP server defined in ClearPass Guest?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor

Re: validate sponsor email against ldap

I don't currently.

Re: validate sponsor email against ldap

Like cappalli mentioned, you need to define your LDAP server and enable LDAP lookup.

 

[Screenshot: Available Plugins]

[Screenshot: ClearPass Policy Manager - Aruba Networks]

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
New Contributor

Re: validate sponsor email against ldap

I've set that up.

 

Close, but not exactly what I was trying to do. I can set a field as a sponsor lookup field now, but I'm just wanting the user to manually type in an email address and the field to give a warning if it's not a valid email in LDAP. But I don't want to give them a search box or a list of valid emails that can be chosen. Maybe I just need help with creating the form now.

Re: validate sponsor email against ldap

Was there any resolution on this? I'm trying to do the same thing, but with sponsor's name instead of email.

 

Is there a way to query AD to see if that user exists, but I don't want them to see a suggested list of users. If that employee doesn't exist, they want to deny access or show error on registration page.


Thank you.

Michael Haring | AIS Consultant
Architecture and Implementation Solutions
Optiv Security Inc. | www.optiv.com
New Contributor

Re: validate sponsor email against ldap

Nope, never did get it to work. Just left it verifying proper @abc.com and watching for strange emails.

Occasional Contributor II

Re: validate sponsor email against ldap

Hello,

 

I have this same problem.

 

I need to use the sponsor_email field, and when the user introduces the complete email, check if the email is valid in an LDAP group filter.

 

Can you help me?

Contributor II

Re: validate sponsor email against ldap

We have several items defined under ADMIN -> OPERATOR LOGINS -> SERVERS that are tied into our "Sponsor's Name" field on our guest self reg portal.

 

We have a custom LDAP filter defined under user search with the following --

 

 

(&
  (objectClass=user)
  (objectCategory=person)
  (|
    # Match users in any of these groups
    (memberOf=CN=some-group,OU=some-ou,DC=my-org,DC=edu)
  )
  (|
    # Match users by any of these criteria
    (sAMAccountName=*@SEARCH@*)
    (displayName=*@SEARCH@*)
    (cn=*@SEARCH@*)
    (sn=*@SEARCH@*)
    (givenName=*@SEARCH@*)
  )
)

This allows users to punch in a few letters of a name and get a list of possible matching sponsors. We have a pretty large group of sponsors, and a lot of our guests are on mobile devices, so we felt that the convenience of only having to punch in 3 letters to get your sponsor outweighed the initial influx of "spam" emails that we received from random users off the street.

 

 

You could add (mail=*@SEARCH@*) to make emails a searchable item. You could remove the * * from each statement to make the exact search input the only thing that returns a result. I think. :)
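The exact-match lookup suggested in the last post, written out as an added example (not code from this thread or from ClearPass). It assumes a separate script builds the filter itself; the function names are hypothetical, the group DN is the placeholder from the filter above, and the typed inputs are constructed.

```python
# Added example: build an exact-match LDAP filter for a typed sponsor email.
# Function names are hypothetical; the group DN is the thread's placeholder.

# RFC 4515 characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a typed value so it is matched literally, never as filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def sponsor_email_filter(email, group_dn, allowed_domains):
    """Return a filter that matches only a group member whose mail equals `email`.

    Raises ValueError when the address is outside the allowed domains, which
    mirrors the 'allow' list the portal validator already applies.
    """
    email = email.strip()
    local, sep, domain = email.rpartition("@")
    if not sep or not local or domain.lower() not in allowed_domains:
        raise ValueError("sponsor email is not in an allowed domain")
    # No leading/trailing '*' around the value: equality match, not substring.
    return (
        "(&(objectClass=user)(objectCategory=person)"
        f"(memberOf={escape_filter_value(group_dn)})"
        f"(mail={escape_filter_value(email)}))"
    )


if __name__ == "__main__":
    group = "CN=some-group,OU=some-ou,DC=my-org,DC=edu"
    # Constructed inputs: a normal address, a wildcard, and a foreign domain.
    for typed in ("jane.doe@mydomain.com", "*@mydomain.com", "abc@other.com"):
        try:
            print(sponsor_email_filter(typed, group, {"mydomain.com"}))
        except ValueError as err:
            print(f"{typed}: rejected ({err})")
```

A search with this filter returns one entry for a real sponsor address and none otherwise, so a typed "*" is compared as a literal character and cannot be used to list directory entries.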
