Security

last person joined: 15 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass: memberof contains a space and regex solutions?

This thread has been viewed 3 times

  • 1.  Clearpass: memberof contains a space and regex solutions?

    Posted Feb 07, 2014 02:59 PM

    All,

     

    I'm currently working with a customer that has multiple spaces in their various AD groups. I've tried to match on these groups by putting the whole "CN=" into a pair of quotes, which did not work. I'm now trying to figure this out using regex commands. I've been using the following site to help figure this out:

     

    http://rubular.com/

     

    I came up with the following regex:

     

    \FirstWord\b[\s|\S]*\bSeconWord\b[\s|\S]*\bThirdWord\

     

    Which should match a memberof group for a group titled "FirstWord SecondWord ThirdWord" where the spaces in between the words can be white spaces or non-white spaces, or line breaks.

     

    I'm trying to get this configuration as tight as possible an didn't want to match three times on the FirstWord, then the SecondWord, and then a final contain match on the ThirdWord.

     

    Any help would be appreciated, thanks!

     

    -Mike



  • 2.  RE: Clearpass: memberof contains a space and regex solutions?
    Best Answer

    Posted Feb 07, 2014 03:22 PM

    You should be able to do this without reg exp; what if you will use the "groups" attribute? 

     

    The access tracker should contain group memberships for that specific user that logs in under "computed attributes". 

     

    You should be able to use EQUALS in your rule against the groups attribute.



  • 3.  RE: Clearpass: memberof contains a space and regex solutions?

    Posted Feb 07, 2014 03:45 PM

    Arjan,

     

    That was spot on! I had no idea that was an available option. I've been trying to do kludgy pattern matching on groups with spaces for a while; this tip is going to become my new go-to method.

     

    Thanks, that really helped!

     

    -Mike



  • 4.  RE: Clearpass: memberof contains a space and regex solutions?

    Posted Feb 07, 2014 04:14 PM
    @Aarjan_k wrote:

     

    You should be able to use EQUALS in your rule against the groups attribute.

    When creating your rules for AD group memberships, you should use CONTAINS rather than EQUALS.   The reason is that the memberOf computed attrbutes contains multiple values (see below), therefore the EQUALS will not work as expected.

     

    cppm-memberof.png

     

     



  • 5.  RE: Clearpass: memberof contains a space and regex solutions?

    Posted Feb 07, 2014 04:54 PM

    We're talking here about the "Groups"-attribute, not the "memberOf"-attribute. Groups contains a list of groups the user is member of. You can use EQUALS just like you would with "Tips:Role" where the user/endpoint could have multiple roles.

     

     

    For me this is also a bit confusing; but I just tested this again, and the usage of EQUALS actually works fine aginst the Groups-attribute; even if the user is member of multiple groups.



  • 6.  RE: Clearpass: memberof contains a space and regex solutions?

    Posted Feb 07, 2014 05:21 PM

    arjan_k,

     

    Yes, I am sorry you are correct.  I was basing my response off of the original post title which included "memberof".  Your method of using Groups and EQUALS will indeed work as well.