Related, in video format and using the tokenGroups method instead of SubGroupmemberOf.
Official ClearPass
documentation is using tokenGroups.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------
Original Message:
Sent: Apr 18, 2021 01:42 AM
From: Ariya Parsamanesh
Subject: ClearPass solution to check if the user is member of nested or higher level AD group
I have added the second method to this technote which is based on LDAP OID (1.2.840.113556.1.4.1941)
------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
Original Message:
Sent: Apr 01, 2021 02:16 AM
From: Ariya Parsamanesh
Subject: ClearPass solution to check if the user is member of nested or higher level AD group
This is a short demo guide using ClearPass to check if the user is member of nested or higher level AD group. There are many cases that the users are member of a sub group that are all part of a higher level group and you want to create a enforcement policy with fewer rules to check for the membership of a AD user group.
I have added the second method to this technote which is based on LDAP OID (1.2.840.113556.1.4.1941)
Hope you'll find it useful and as always please send through your feedback for improvements.
regards
------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
------------------------------