Valued Contributor I

TLS CNs and matching with AD usernames

I have some Role generation rules that assign specific Roles based upon whether a user is in a specific AD group, e.g. "UoY Network Group" role assignment if (Authorization:UoY AD Authentication:memberOf CONTAINS cn=g0790stf,ou=Inst,ou=Groups,ou=UoY,DC=its,DC=york,DC=ac,DC=uk)


When creating EAP-TLS client certificates, I set up the CN to be "userid-{4 digit hex number}".


This sort of screws up the UoY Network Group Role "as" certainly isn't in that AD group.


Is there any way of using a regex to strip out my userid from the start of the Full-Username and use that when comparing against the contents of an AD group?


Guru Elite

Re: TLS CNs and matching with AD usernames

Is the fully qualified username correct in any part of the certificate?

Tim Cappalli | Aruba Security
@timcappalli | ACMX #367 / ACCX #480
Valued Contributor I

Re: TLS CNs and matching with AD usernames

Actually the solution was simple (thanks to the PM I received from an Airheads user). All I had to do was replace








in the service processing the eap-tls stuff


and it all worked, e.g. for the username becomes as1558, which is what we want
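
The mapping this thread is about, as an added example that is not part of the original posts and is not ClearPass configuration: a strict regex recovers the userid from a "userid-{4 digit hex number}" CN, and only that userid is compared against the AD group. The userid shape (letters followed by digits, like as1558), the function names, and the in-memory directory standing in for the AD lookup are assumptions.

```python
import re

# CN format from the thread: "userid-{4 digit hex number}".
# Assumption: a userid is letters followed by digits (e.g. "as1558").
CN_PATTERN = re.compile(r"([a-z]+[0-9]+)-[0-9a-f]{4}", re.IGNORECASE)

# Group DN quoted in the role rule on this page.
NETWORK_GROUP_DN = "cn=g0790stf,ou=Inst,ou=Groups,ou=UoY,DC=its,DC=york,DC=ac,DC=uk"

# Constructed stand-in for the AD memberOf lookup (not real directory data).
DIRECTORY = {
    "as1558": [NETWORK_GROUP_DN],
    "zz9999": ["cn=other,ou=Groups,ou=UoY,DC=its,DC=york,DC=ac,DC=uk"],
}


def username_from_cn(cn):
    """Return the userid embedded in a certificate CN, or None if malformed.

    fullmatch() is used instead of a '^...$' search because '$' also matches
    just before a trailing newline, which would let 'as1558-0a3f\\n' through.
    """
    m = CN_PATTERN.fullmatch(cn)
    return m.group(1).lower() if m else None


def roles_for_cn(cn, directory=DIRECTORY):
    """Assign roles from group membership of the userid taken from the CN."""
    user = username_from_cn(cn)
    if user is None:
        return []  # fail closed: unparseable CN gets no role
    member_of = directory.get(user, [])
    # Same test as the rule's "memberOf CONTAINS <group DN>", case-insensitive.
    if any(NETWORK_GROUP_DN.lower() in dn.lower() for dn in member_of):
        return ["UoY Network Group"]
    return []


if __name__ == "__main__":
    # Constructed sample CNs: valid, wrong group, extra suffix, no suffix.
    for cn in ["as1558-0a3f", "zz9999-beef", "as1558-0a3f-x", "as1558"]:
        print(repr(cn), "->", username_from_cn(cn), roles_for_cn(cn))
```

A CN that does not match the whole pattern yields no username and therefore no role, so a certificate with an unexpected subject cannot be mapped onto someone else's account by a loose prefix match.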





Re: TLS CNs and matching with AD usernames

Thanks for the tip, that may work with a TLS vs. AD username problem I'm facing as well.


if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it