Security

Looking at my freshly-installed 6.11 server, I no longer see the attribute filter queries for the Authentication Sources - like Guest User Repository and Guest Device Repository.

Were these removed, or are they hidden? They must still be functioning somehow for the standard values to be retrieved. I wanted to call to a special attribute I added in CP:Guest for my devices and users.

Can you please open a TAC Case? I have not seen this before and may or may not be intentional. Please be aware that modifying factory default sources/roles/policies/services should be avoided whenever possible. You can create a SQL source with the appexternal account to create custom lookups/queries.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Nov 13, 2022 12:40 PM
From: Ryan Higgins
Subject: CPPM 6.11 - Auth Sources Missing SQL Filter Queries

Looking at my freshly-installed 6.11 server, I no longer see the attribute filter queries for the Authentication Sources - like Guest User Repository and Guest Device Repository.

Were these removed, or are they hidden? They must still be functioning somehow for the standard values to be retrieved. I wanted to call to a special attribute I added in CP:Guest for my devices and users.

Good to know about not adding to the default SQL queries. I will try to avoid this.
I will reach out to TAC to look at the missing query info - I was surprised as well, and figured it was hidden to prevent what I am trying to do.

With the appexternal method you suggest, I can make that work well enough - should function great.

Do you know if there are any special considerations when connecting to its localhost postgresql database besides using the other account name? Do I need to connect to both 5433 and 5432 as the release notes suggest? I am unsure why that would be the case or how to make two connections. I’ll try it out later and follow up.

---------------------------------
ryh
---------------------------------



Original Message:
Sent: Nov 14, 2022
From: Herman Robers
Subject: RE: CPPM 6.11 - Auth Sources Missing SQL Filter Queries

Can you please open a TAC Case? I have not seen this before and may or may not be intentional. Please be aware that modifying factory default sources/roles/policies/services should be avoided whenever possible. You can create a SQL source with the appexternal account to create custom lookups/queries.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Nov 13, 2022 12:40 PM
From: Ryan Higgins
Subject: CPPM 6.11 - Auth Sources Missing SQL Filter Queries

Looking at my freshly-installed 6.11 server, I no longer see the attribute filter queries for the Authentication Sources - like Guest User Repository and Guest Device Repository.

Were these removed, or are they hidden? They must still be functioning somehow for the standard values to be retrieved. I wanted to call to a special attribute I added in CP:Guest for my devices and users.

Just use 5432, and as/if you are using the loopback address 127.0.0.1, you don't need to care about opening up ports.

BTW, port 5433 is only used starting ClearPass 6.11 to separate the configuration and log databases:

Ensure port 5433 is open in order to access the Insight database. Port 5433 is also used for connecting to the tipsLogDb in ClearPass 6.11.0.
For Insight queries you may need to change the port to 5433, but endpoint db/Guest you should be good with port 5432.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Nov 14, 2022 02:45 PM
From: Ryan Higgins
Subject: CPPM 6.11 - Auth Sources Missing SQL Filter Queries

Good to know about not adding to the default SQL queries. I will try to avoid this.
I will reach out to TAC to look at the missing query info - I was surprised as well, and figured it was hidden to prevent what I am trying to do.

With the appexternal method you suggest, I can make that work well enough - should function great.

Do you know if there are any special considerations when connecting to its localhost postgresql database besides using the other account name? Do I need to connect to both 5433 and 5432 as the release notes suggest? I am unsure why that would be the case or how to make two connections. I'll try it out later and follow up.

---------------------------------
ryh

Original Message:
Sent: Nov 14, 2022
From: Herman Robers
Subject: RE: CPPM 6.11 - Auth Sources Missing SQL Filter Queries

Can you please open a TAC Case? I have not seen this before and may or may not be intentional. Please be aware that modifying factory default sources/roles/policies/services should be avoided whenever possible. You can create a SQL source with the appexternal account to create custom lookups/queries.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Nov 13, 2022 12:40 PM
From: Ryan Higgins
Subject: CPPM 6.11 - Auth Sources Missing SQL Filter Queries

Looking at my freshly-installed 6.11 server, I no longer see the attribute filter queries for the Authentication Sources - like Guest User Repository and Guest Device Repository.

Were these removed, or are they hidden? They must still be functioning somehow for the standard values to be retrieved. I wanted to call to a special attribute I added in CP:Guest for my devices and users.