Manualshelf

Administrator Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Virtual Appliances
691692693694695696697698699700
692 | Operator Logins Dell Networking W-ClearPass Guest 6.6 | User Guide
Configuring LDAP Translation Rules
LDAP translation rules specify how to determine operator profiles based on LDAP attributes for an
authenticated operator.
To create a new LDAP translation rule, go to Administration > Operator Logins > Translation Rules, and
then click the Create new translation rule link. The Edit Translation Rule form opens.
Figure 483 The Edit Translation Rule Form
Field Description
Name (Required) Name for this translation rule that describes what the rule does. In the example shown in
Figure 483, the translation rule is to check that the user is an administrator, hence the name
MatchAdmin.
Enabled If selected, this rule will be used when processing reply attributes. If this check box is not selected,
the rule will appear in the rules list, but will not be active until you enable it.
Attribute
Name
Name of the attribute; for example, “memberof”. For all attributes, use an asterisk (*).
Matching
Rule
Specifies the matching rule to apply to the value of the attribute. Options include:
l always match
l contains Case-insensitive substring match anywhere in string.
l matches Regular expression match, where the value is a Perl-compatible regular expression
including delimiters. For example, to match the regular expression “admin case-insensitively,
use the value /admin/i”. See "Regular Expressions" on page 749 for more details about regular
expressions.
l equals Case-insensitive string comparison, matches on equality.
l does not equal Case-insensitive string comparison, matches on inequality.
l less than Numerical value is less than the match value.
Table 320: Edit Translation Rule Form