I have device registration and a "mydevices" portal set up via a ClearPass application service. This all works fine. I am trying to create a group of users who can see/register under multiple roles. I currently have this set up under the service, role mapping as
(Authorization:[Local User Repository]:Role_Name EQUALS UB_Staff_Reg) | UB_Staff_Reg |
This all works fine. I originally started with userdn equals xxxx. But I expect a long list of users and did not want to have to list them all individually in the role mapping. So I moved to this model, which allows me to use the local database to mark a user as able to register other users. I am unhappy with this model as I suspect I might need the local database role_name for something else in the future.
What I really need is a way to just have a list of usernames that are in this group. Besides adding an external authorization source, I am not sure how to do this. My second option was to add attributes in the local database that I can query off for this. Attributes are better than the "role_name" as I may use role name for something else. I can add attributes just fine but I cannot get my service to do role mapping on them.
I think I need to add a filter under sources [local user repository] but am unclear how to do this.
Any ideas how to do this?