Frequent Contributor I

authenticate clearpass using OU and assign VLAN

Hi experts

We're trying to assign VLAN based on OU rather than group membership. Like if computer is in one of these OUs - assign VLAN 100, if not - go with VLAN 50.

It's okay using this with groups, but OUs - needing a new attribute added?

Guru Elite

Re: authenticate clearpass using OU and assign VLAN

You can use UserDN ENDS_WITH in your AD/LDAP authorization source.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: authenticate clearpass using OU and assign VLAN

Hi Tim, can you explain that a bit more, perhaps with a screenshot of a rule? "UserDN ENDS_WITH" then what?

I saw UserDN as an authorization attribute, but couldn't seem to get anything to act on it since it appears to not be sending anything

Authorization:BPS_LDAP:UserDN

What I'd like to act on is the top level OU (in this case BPS Computers) as a catch-all for domain machines, i.e.

Authorization:BPS_LDAP:memberOf  EQUALS  BPS Computers

But I'm not sure if I have to add that to the attribute filter set in the Auth sources?
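
An added illustration, not part of the thread and not ClearPass configuration: a Python model of the suffix comparison behind a `UserDN ENDS_WITH` rule, matching on RDN boundaries and falling back to VLAN 50 when the DN is empty or malformed. The `DC=bps,DC=example` components and all sample DNs are constructed; only the OU name and the VLAN numbers come from the posts above.

```python
# Constructed policy: the OU name "BPS Computers" and VLANs 100/50 are from the
# thread; the DC components are placeholders for the real domain.
TRUSTED_OU_SUFFIXES = ["OU=BPS Computers,DC=bps,DC=example"]
VLAN_IN_OU, VLAN_DEFAULT = 100, 50


def split_rdns(dn):
    """Split a DN on unescaped commas and normalise each RDN to (attr, value).

    Simplified: multi-valued RDNs ('+') and hex escapes are not handled.
    """
    parts, cur, esc = [], [], False
    for ch in dn:
        if ch == "," and not esc:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
            esc = (ch == "\\") and not esc  # a backslash escapes the next char
    parts.append("".join(cur))
    rdns = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not (sep and attr.strip() and value.strip()):
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns


def dn_in_ou(dn, ou_suffix):
    """True if dn sits below ou_suffix, compared RDN by RDN."""
    rdns, suffix = split_rdns(dn), split_rdns(ou_suffix)
    return len(rdns) > len(suffix) and rdns[-len(suffix):] == suffix


def naive_ends_with(dn, suffix):
    """Raw case-insensitive string suffix match, shown for comparison."""
    return dn.lower().endswith(suffix.lower())


def vlan_for(dn):
    """Return VLAN 100 for objects under a trusted OU, otherwise VLAN 50."""
    try:
        in_ou = any(dn_in_ou(dn, s) for s in TRUSTED_OU_SUFFIXES)
    except ValueError:
        in_ou = False  # empty or unparseable DN gets the default VLAN
    return VLAN_IN_OU if in_ou else VLAN_DEFAULT
```

A raw suffix of `BPS Computers,DC=bps,DC=example` also matches an OU named `Not BPS Computers`, so the value in the rule should start at the `OU=` of the container and run to the end of the DN.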
