Not sure what you are trying to achieve. The filter limits the search for users, it does not do anything else with the OU information; and for that reason you probably don't want to change the filter query in this case.
If you ONLY want to authenticate users that are in ONE specific OU, create/duplicate your Authentication Source and set the Base DN to that OU, example: Base DN = OU=Airheads,CN=Users,DC=nl,DC=arubalab,DC=com. With that, users that authenticate and are NOT in the specific OU, will not be able to authenticate.
If you want ALL users to authenticate, but make an authorization decision based on which OU they are in, follow the Role Mapping/Enforcement strategy that I mentioned above. You could even use that to achieve that only users in a specific OU get access, others will be rejected.
In case it is still unclear to you, it may be good to open a TAC support case and go with them through your desired scenario. Or if you can provide like 5 examples of users in different OUs and what policy you want for them, we may be able to provide you more guidance.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Aug 16, 2022 02:49 AM
From: Mohammad AlHaddad
Subject: help with OU in Clearpass...
Hello Herman,
I need to add OU in Authentication Sources in the active directory before I add Authentication for sAMAccountName for the username with
(&(objectClass=user)(sAMAccountName=%{Authentication:Username}))
I saw that in your video; now I need the same for OU, but I can't make it work.
Thank you
Original Message:
Sent: Aug 16, 2022 02:14 AM
From: Herman Robers
Subject: help with OU in Clearpass...
You can either change the Search DN in the authentication source, to only search in a specific OU, or if you have multiple OUs that you want to use for role mapping or enforcement, use a mapping/enforcement role like:
Authentication:YourAD UserDN CONTAINS OU=MyDepartment, => Assign role or enforcement
Where you can check an existing authentication in Access Tracker, and if that is for example:
UserDN CN=Herman MBP. Robers,OU=Airheads,CN=Users,DC=nl,DC=arubalab,DC=com
... take from there the OU= up to and including the comma (,) to match on.
That should work.
Original Message:
Sent: Aug 14, 2022 01:18 AM
From: Mohammad AlHaddad
Subject: help with OU in Clearpass...
Hello,
I need help with OU. I added the:
(&(objectClass=user)(sAMAccountName=%{Authentication:Username}))
for the username and it works great; now I want to add OU for the department name. Any help?
Thank you
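Added example, not part of the original thread and not ClearPass code: a small Python check that compares the `UserDN CONTAINS OU=Airheads,` rule from the thread (with and without the trailing comma) against a Base DN restricted to that OU. It assumes CONTAINS behaves as a plain case-sensitive substring test; the function names are hypothetical, and every sample DN except the one quoted in the thread is constructed.

```python
import re

BASE_DN = "OU=Airheads,CN=Users,DC=nl,DC=arubalab,DC=com"  # Base DN from the thread

# First DN is the one quoted in the thread; the other three are constructed samples.
SAMPLE_DNS = [
    "CN=Herman MBP. Robers,OU=Airheads,CN=Users,DC=nl,DC=arubalab,DC=com",
    "CN=Guest One,OU=Airheads-Guests,CN=Users,DC=nl,DC=arubalab,DC=com",
    r"CN=Doe\, Jane,OU=Sales,CN=Users,DC=nl,DC=arubalab,DC=com",
    "CN=Temp User,OU=Airheads,OU=Contractors,DC=nl,DC=arubalab,DC=com",
]

def split_dn(dn):
    """Split a DN into normalised (attr, value) RDNs.

    Simplified: honours backslash-escaped commas, ignores multi-valued RDNs.
    """
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.strip().partition("=")
        rdns.append((attr.strip().upper(), value.strip().replace("\\,", ",").lower()))
    return rdns

def contains_rule(user_dn, needle):
    """Model of 'UserDN CONTAINS <needle>' as a plain substring test (assumption)."""
    return needle in user_dn

def under_base_dn(user_dn, base_dn):
    """True if user_dn sits below base_dn, i.e. a subtree search from base_dn finds it."""
    user, base = split_dn(user_dn), split_dn(base_dn)
    return len(user) > len(base) and user[-len(base):] == base

def audit(dns=SAMPLE_DNS):
    """Per DN: (CONTAINS with comma, CONTAINS without comma, found under BASE_DN)."""
    return [
        (contains_rule(dn, "OU=Airheads,"), contains_rule(dn, "OU=Airheads"),
         under_base_dn(dn, BASE_DN))
        for dn in dns
    ]

if __name__ == "__main__":
    for dn, row in zip(SAMPLE_DNS, audit()):
        print(row, dn)
```

The second sample shows why the match string runs up to and including the comma, and the fourth shows that a CONTAINS rule also matches an identically named OU elsewhere in the tree, which the Base DN approach does not.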