Security

I've searched through the community and the manuals however I'm coming up short on a step by step approach to getting the Sponsor Lookup to work. I'm using CPPM 6.3.0.60730

I've configured the LDAP server on Clearpass guest and I'm succesfully able to perform lookups and authentications.

After this, I get hung up.

I've read sponsor_lookup needs to be added to the guest_register form. However I'm unable to add any fields to this form. I've been doing a lot of trial and error, but I'm uanble to get it to work. Does anyone have a step-by-steb doc on how to get this to work? Thanks so much.

1. In your Self reg page you will need to edit the field on the registration page.

2. By default it is not in the list. Click insert after on one of the top fields select sponsor lookup (see pic2 shows it added)

Troy,

Thanks for your quick response!! So it now shows up in the form. However the lookup seems very spotty and inconsistent with a results returning and then an error stating 'Cannot Search for Users'. Is there any best practices on how to set this up for stability?

Thanks again

After further testing I think the issue is a bug with clearpass using LDAPS. I found information here.

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/ClearPass-Guest-Error-Operator-Login-LDAP-Bind-failed/m-p/133723/highlight/true#M9232

Once i switched to regular LDAP stability regarding the lookup stabalized. Thanks for your help

Hi Troy,

One additional question about the LDAP Sponsored lookup. I'm trying to test out a scenario where the returned email address is different than the default in a Sponsored Guest Login page. I've gone to the following location:

CP Guest > Administration > Operator Logins > Servers > "My LDAP server" > Sponsor Lookups > and changed the following:

#sponsor_email | userPrincipalName
sponsor_email | mail

When I go to Configuration > Guest Self-Registration > "My LDAP Sponsored Lookup" > Go To > I'm able to search for a user, select them as an option, and fire off an email that is addressed to the "mail" attribute in AD.

The one slight issue I'm having is with the LDAP Search itself. The search returns my username in the following fashion:

Mike Courtney

mcourtney@top.local

It looks like the "mcourtney@top.local" is being pulled by the "sponsor_lookup" field from the "userPrincipalName" in AD, not from the "email" attribute. This field looks like it's using the following Ajax routine:

ajax.url = NwaLdapSponsorUserSearchAjax

Is there a way to change this Ajax field to display a different email address?

Thanks for the help!

-Mike

Hi Mike,

If you're specifically talking about what is being displayed to the user when doing the Sponsor Lookup, you need to update the Display Attributes section under CP Guest > Administration > Operator Logins > Servers > "My LDAP server" > User Search >

I hope this helps.

Josh

Hi Josh,

That was spot on - thanks for the help!

-Mike

Glad I could help. I've been tinkering around with LDAP Sponsor Lookup a lot :smileyhappy: