I have ClearPass Guest up and running, and users can submit registration requests to sponsors. I have customized the registration page to use the sponsor lookup.
The problem I am having is that any use in our active directory can sponsor someone, and I want to limit it to a select group of people. I have created an AD group "WiFi Approvers", and put a few individual users in this group. I then created a translation rule that assigns members of this group the operator profile of "Reception and Front Desk".
If I do a test lookup on my server with a user that is NOT in this group, the lookup is successful, and returns:
'profile_name' => 'Null Profile',
If I do a test lookup on my server with a user that is in this group, the lookup is successful, and returns:
'profile_name' => 'Reception and Front Desk',
So I would think everything is good, but any user can sponsor someone.
When I look in CPPM --> Access Tracker and open
under Authorization Attributes it says
Authorization:[Guest User Repository]:SponsorName | admin |
and under Computed Attributes it has
GuestUser:sponsor_email | test@domain.com |
GuestUser:sponsor_profile_name | IT Administrators |
Now the sponsor this was sent to is name "test" not "Admin" so there is definately something I am missing.
Can I limit who can sponser based on an AD group?