Deployment Guide
256 | Custom LDAP Translation Processing Dell Networking W-ClearPass Guest 6.0 | Deployment Guide
Translation rules are processed in order, until a matching rule is found that does not have the Fallthrough field set.
To edit the matching rule list, select an entry in the table to display a menu that lets you perform the following
actions:
l Edit – changes the configuration of matching rule
l Delete – removes matching rule from the list
l Duplicate – creates a duplicate copy of an existing rule
l Disable – temporarily disables the rule without deleting it from the rule list
l Enable – reenables a disabled operator login
l Move Up – moves the rule up to a higher priority on the rule list
l Move Down – moves the rule down to a lower priority on the rule list
Custom LDAP Translation Processing
When matching an LDAP translation rule, custom processing may be performed using a template.
The template variables available are listed in the table below.
Variable Description
$attr
The name of the LDAP attribute that was matched.
$user
Contains settings for the operator, including all LDAP attributes
returned from the server.
Table 23:
Template Variables
For a Smarty template syntax description, See "Smarty Template Syntax" on page 264. These may be used to make
programmatic decisions based on the LDAP attribute values available at login time.
For example, to permit non-administrator users to access the system only between the hours of 8:00 am and 6:00
pm, you could define the following LDAP translation rule: