Security

Hi,

How can I get GuestUser:SponsorName to work with LDAP queries, under Policy Manager?
I want to block all mac track devices if the Sponsor user account is disabled or blocked.
I can see GuestUser:sponsor_email, but am unable to use the GuestUser:sponsorname / sponsor username.

Thanks

------------------------------
Ricardo Duarte
------------------------------

Hi Ricard,

Do you have add do_ldap... field ?

------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

ACEP / ACMX #107 / ACDX #1281
------------------------------

Original Message:
Sent: Apr 21, 2021 06:32 PM
From: Ricardo Duarte
Subject: Use GuestUser:SponsorName with LDAP

Hi,

How can I get GuestUser:SponsorName to work with LDAP queries, under Policy Manager?
I want to block all mac track devices if the Sponsor user account is disabled or blocked.
I can see GuestUser:sponsor_email, but am unable to use the GuestUser:sponsorname / sponsor username.

Thanks

------------------------------
Ricardo Duarte
------------------------------

Hi,

Yes, I do alread have that.
The problem is not inside "Guest". After registration, I can't query LDAP under Tips Services to do a real-time check for ldap account.
Because I can't get ClearPass to make queries to LDAP using GuestUser:sponsorname.

To make it somehow clear, what I want to do is to have an LDAP Authentication source that uses the following filter:

(&(objectClass=user)(sAMaccountName=%{GuestUser:sponsorname}) 

But ClearPass does not fill the GuestUser:sponsorname in the query.

It does work if I use:

(&(objectClass=user)(sAMaccountName=%{GuestUser:sponsor_email}) 


But for some particular reason, this query will not work for me in my scenario. I need to query by sponsorname.




------------------------------
Ricardo Duarte
------------------------------

Original Message:
Sent: Apr 27, 2021 07:54 AM
From: Alexis La Goutte
Subject: Use GuestUser:SponsorName with LDAP

Hi Ricard,

Do you have add do_ldap... field ?

------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

ACEP / ACMX #107 / ACDX #1281

Original Message:
Sent: Apr 21, 2021 06:32 PM
From: Ricardo Duarte
Subject: Use GuestUser:SponsorName with LDAP

Hi,

How can I get GuestUser:SponsorName to work with LDAP queries, under Policy Manager?
I want to block all mac track devices if the Sponsor user account is disabled or blocked.
I can see GuestUser:sponsor_email, but am unable to use the GuestUser:sponsorname / sponsor username.

Thanks

------------------------------
Ricardo Duarte
------------------------------

Hi,

It is better to open a issue on TAC...

------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

ACEP / ACMX #107 / ACDX #1281
------------------------------

Original Message:
Sent: Apr 27, 2021 12:49 PM
From: Ricardo Duarte
Subject: Use GuestUser:SponsorName with LDAP

Hi,

Yes, I do alread have that.
The problem is not inside "Guest". After registration, I can't query LDAP under Tips Services to do a real-time check for ldap account.
Because I can't get ClearPass to make queries to LDAP using GuestUser:sponsorname.

To make it somehow clear, what I want to do is to have an LDAP Authentication source that uses the following filter:

(&(objectClass=user)(sAMaccountName=%{GuestUser:sponsorname}) 

But ClearPass does not fill the GuestUser:sponsorname in the query.

It does work if I use:

(&(objectClass=user)(sAMaccountName=%{GuestUser:sponsor_email}) 


But for some particular reason, this query will not work for me in my scenario. I need to query by sponsorname.




------------------------------
Ricardo Duarte

Original Message:
Sent: Apr 27, 2021 07:54 AM
From: Alexis La Goutte
Subject: Use GuestUser:SponsorName with LDAP

Hi Ricard,

Do you have add do_ldap... field ?

------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

ACEP / ACMX #107 / ACDX #1281

Original Message:
Sent: Apr 21, 2021 06:32 PM
From: Ricardo Duarte
Subject: Use GuestUser:SponsorName with LDAP

Hi,

How can I get GuestUser:SponsorName to work with LDAP queries, under Policy Manager?
I want to block all mac track devices if the Sponsor user account is disabled or blocked.
I can see GuestUser:sponsor_email, but am unable to use the GuestUser:sponsorname / sponsor username.

Thanks

------------------------------
Ricardo Duarte
------------------------------