We are trying to add AD computer account attributes as an additional AD authorization source LDAP query.
Our main type of authentication is macauth, and we are unable to use 802.1x machine authentication at this moment. Therefore we are trying to use the endpoint repository hostname for the LDAP query.
Of course, using Endpoint DHCP Hostname data as a single authentication source itself would be bad, since it is easily spoofed.
Based on some other solutions offered by the community, we have set up a new AD source with the below filter query:
(&(cn=%{Authorization:[Endpoints Repository]:Hostname})(objectClass=computer))
Executing the filter manually with hostname works well.
The service itself is set up with two authentication sources, the [Endpoint Repository] and the created AD Source.
But this still doesn't do the job; the additional attributes do not show up with authentication. Based on some other forum posts, it seems others got this working.
The access tracker log has the below error:
WARN Util.ParameterizedString - getReplacedStrings: Failed to replace parameString =(&(cn=%{Authorization:Endpoints Repository]:Hostname})(objectClass=computer)), error=No values for param=Authorization:Endpoints Repository]:Hostname
WARN Ldap.LdapQuery - execute: Failed to construct filter=(&(cn=%{Authorization:Endpoints Repository]:Hostname})(objectClass=computer))
Any suggestions are much appreciated!
Arjen