Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Creating Role Mapping for a new LDAP group (Error 403: Forbidden)

  • 1.  Creating Role Mapping for a new LDAP group (Error 403: Forbidden)

    Posted Sep 23, 2020 03:37 AM

    Dear Experts,

     

    We need to give read-only authority in ClearPass to a group in our company. We are using LDAP to log in, so we already have a working LDAP in ClearPass.
     
    This group has defined a new group on LDAP named XYZ. I want to add the XYZ group as a read-only role to access Clearpass.

    For this purpose, I did the following:

    1. I created a role for read-only users. 
       a. [TACACS Read-only Admin]
    2. I created the role-mapping and added the AD group of the relevant users. 
       b. (Authorization:Company_LDAPs:memberOf  CONTAINS XYZ)

    However, when the user tries to go to the ClearPass page, the page where he will enter his information is not loaded and he gets the following error:
     
    Error 403: Forbidden. Error in accessing application. You're not permitted to access the application. 
     
    The user can telnet to the ClearPass IP with no problem, so there is no problem with security permissions.

     

    Could you help me find out what I am missing or doing wrong?

     

    Thanks in advance,