
I am currently determining VLAN/dACL assignment based on the group membership of the authenticating computer and would like to switch to determining VLAN/dACL assignment based on the OU location of the computer instead. I seem to be unable to acquire the UserDN. Any assistance or hints as to how I can achieve this would be greatly appreciated.

How to achieve what I'd like to do using Aruba ClearPass: https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=20287

I attempted the following, but after debugging realized that LDAP-UserDN is empty:

    if ( LDAP-UserDN =~ /(.*),OU=IRStaff,OU=Computers,DC=company,DC=net$/ ) {
        update reply {
            Service-Type := "Framed"
            Framed-Protocol := "PPP"
            Tunnel-Private-Group-Id := "10"
            Tunnel-Type := "VLAN"
            Tunnel-Medium-Type := "IEEE-802"
        }
    }

1 Answer

After paying closer attention to the comments in the ldap modules (I have multiple to account for several domains), I adjusted the following in all of them:

From:

    user_dn = "LDAP-UserDn"

To:

    user_dn = "${.:instance}-LDAP-UserDn"

After that I was able to determine a VLAN to use based on the OU the computer was in, with the following in the post-auth section of a virtual server:

    if ( &control:companynet-ldap-LDAP-UserDn =~ /(.*),OU=IRStaff,OU=Computers,DC=company,DC=net$/ ) {
        update reply {
            Service-Type := "Framed"
            Framed-Protocol := "PPP"
            Tunnel-Private-Group-Id := "10"
            Tunnel-Type := "VLAN"
            Tunnel-Medium-Type := "IEEE-802"
        }
    }
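As an added example (not the asker's or answerer's configuration), the same fix shown in context: one FreeRADIUS 3.x ldap instance named companynet-ldap writing its DN to an instance-qualified control attribute, and a post-auth block that maps several OUs to VLANs and sends anything it cannot place to a quarantine VLAN instead of leaving the NAS default in effect. The server name, bind DN, second OU and VLAN numbers are assumptions.

```unlang
# mods-available/ldap -- instance "companynet-ldap" (assumed settings)
ldap companynet-ldap {
    server   = "ldaps://dc01.company.net"                    # assumed host
    identity = "CN=radius,OU=Service Accounts,DC=company,DC=net"
    password = "<bind-password>"                             # placeholder
    base_dn  = "DC=company,DC=net"

    # Each ldap instance must store the DN it found in its own control
    # attribute; with the default "LDAP-UserDn" a second instance for
    # another domain would overwrite (or never set) the same attribute.
    user_dn = "${.:instance}-LDAP-UserDn"

    # remaining user {} / group {} settings as in the distributed module
}

# sites-available/<virtual-server>, post-auth section
post-auth {
    # &control:companynet-ldap-LDAP-UserDn is only populated if this
    # instance ran in authorize and found the computer object; when it is
    # empty every regex below fails and the request falls to the else branch.
    # The suffix anchor also matches sub-OUs (e.g. OU=Laptops,OU=IRStaff,...),
    # so keep the OU tree in mind when deciding which branch a host lands in.
    if (&control:companynet-ldap-LDAP-UserDn =~ /,OU=IRStaff,OU=Computers,DC=company,DC=net$/i) {
        update reply {
            Tunnel-Type := "VLAN"
            Tunnel-Medium-Type := "IEEE-802"
            Tunnel-Private-Group-Id := "10"
        }
    }
    elsif (&control:companynet-ldap-LDAP-UserDn =~ /,OU=Finance,OU=Computers,DC=company,DC=net$/i) {
        update reply {
            Tunnel-Type := "VLAN"
            Tunnel-Medium-Type := "IEEE-802"
            Tunnel-Private-Group-Id := "20"                  # assumed VLAN
        }
    }
    else {
        # Unknown OU, or no DN stored at all: quarantine VLAN (assumed 999)
        # rather than silently inheriting whatever the switch port defaults to.
        update reply {
            Tunnel-Type := "VLAN"
            Tunnel-Medium-Type := "IEEE-802"
            Tunnel-Private-Group-Id := "999"
        }
    }
}
```

The `/i` flag makes the OU comparison case-insensitive, which avoids a silent mismatch if the DN returned by the directory does not use the exact casing written in the regex.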