Occasional Contributor I

CPPM and Paloalto API Integration - Username Manipulation



I'm trying to link our CPPM 6.4 to our new Paloalto.


The issue is our wireless (eduroam) is authenticating with email addresses stored in AD/LDAP UPN field. For some students this is "" and for staff it is "". Either way, this is completly different to what the PA is expecting. It wants acctname or DOMAIN\acctname. However our domain is "", or UNI\, so\First.Last is no good.


I need to know if it is possible to manipulate the parameters in the API call to not use the UPN/authenticated full username, but instead use the short form of the user, and force the domain (UNI\) onto the strings. That is UNI\acctname


Are any of these usable:


Authorization:(My LDAPS):ShortName


In this parameter?






Re: CPPM and Paloalto API Integration - Username Manipulation

The parameters we show in the PANW context server screen cannot and should not be amended. I've been asking Engineering to remove this for a while now as it serves no purpose to you in the field and repeatably just like this posting leads to confusion.

Best Regards

ClearPass Product Manager

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Occasional Contributor I

Re: CPPM and Paloalto API Integration - Username Manipulation

I'll open a case and ask for assistance or if a custom engineering fix is available. I dont want to go via the syslog approach unless I have to.



Search Airheads
Showing results for 
Search instead for 
Did you mean: