Users Guide

The following table describes the available directories:
Directory: Active Directory
Default Filters:

• Authentication: This filter is used for authentication. The query searches for objects whose objectClass is user. This query finds both user and machine accounts in Active Directory:
  (&(objectClass=user)(sAMAccountName=%{Authentication:Username}))
  After a request arrives, Policy Manager populates %{Authentication:Username} with the authenticating user or machine. This filter is also configured to fetch the following attributes based on this filter query:
  ▪ dn (alias of UserDN): This is an internal attribute that is populated with the user or machine record's DN.
  ▪ department
  ▪ title
  ▪ company
  ▪ memberOf: In Active Directory, this attribute is populated with the groups that the user or machine belongs to. This is a multi-valued attribute.
  ▪ telephoneNumber
  ▪ mail
  ▪ displayName
  ▪ accountExpires

• Group: This filter is used for retrieving the names of the groups that a user or machine belongs to.
  (distinguishedName=%{memberOf})
  This query fetches all group records where the distinguished name is the value returned by the memberOf variable. The values for the memberOf attribute are fetched by the first filter (Authentication) described above. The attribute fetched with this filter query is cn, which is the name of the group.

• Machine: This query fetches the machine record in Active Directory.
  (&(objectClass=computer)(sAMAccountName=%{Host:Name}$))
  %{Host:Name} is populated by Policy Manager with the name of the connecting host, if available. The dNSHostName, operatingSystem, and operatingSystemServicePack attributes are fetched with this filter query.

• Onboard Device Owner: This filter is used for retrieving the name of the owner that the onboarded device belongs to. This query finds the user in Active Directory:
  (&(sAMAccountName=%{Onboard:Owner})(objectClass=user))
  %{Onboard:Owner} is populated by Policy Manager with the name of the onboarded user.

• Onboard Device Owner Group: This filter is used for retrieving the name of the group that the onboarded device owner belongs to.
  (distinguishedName=%{Onboard memberOf})
  This query fetches all group records where the DN is the value returned by the Onboard memberOf variable. The attribute fetched with this filter query is cn, which is the name of the Onboard group.

Directory: Generic LDAP Directory
Default Filters:

• Authentication: This is the filter used for authentication.
  (&(objectClass=*)(uid=%{Authentication:Username}))
  When a request arrives, Policy Manager populates %{Authentication:Username} with the authenticating user or machine. This filter is also set up to fetch the following attributes based on this filter query:
Table 100: Active Directory/Generic LDAP Default Filters
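
The chaining of the Authentication and Group filters described in the table, as an added example that is not Policy Manager code: the Authentication filter returns the multi-valued memberOf attribute, and the Group filter is then run once per memberOf value to fetch cn. The directory records and the helper names (escape_value, unescape_value, expand, search, group_names) are hypothetical, and the RFC 4515 escaping of substituted values is an assumption about safe handling, not documented product behaviour.

```python
import re

# Constructed sample records standing in for Active Directory entries.
DIRECTORY = [
    {"objectClass": ["user"], "sAMAccountName": ["alice"],
     "memberOf": ["CN=Wireless Users,OU=Groups,DC=example,DC=com",
                  "CN=Finance (EU),OU=Groups,DC=example,DC=com"]},
    {"objectClass": ["group"], "cn": ["Wireless Users"],
     "distinguishedName": ["CN=Wireless Users,OU=Groups,DC=example,DC=com"]},
    {"objectClass": ["group"], "cn": ["Finance (EU)"],
     "distinguishedName": ["CN=Finance (EU),OU=Groups,DC=example,DC=com"]},
]

AUTH_FILTER = "(&(objectClass=user)(sAMAccountName=%{Authentication:Username}))"
GROUP_FILTER = "(distinguishedName=%{memberOf})"

def escape_value(value):
    """RFC 4515 escaping (assumed here) so a substituted value stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def unescape_value(value):
    """Turn \\XX escapes from a filter back into the characters they stand for."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def expand(template, variables):
    """Replace each %{Name} placeholder with the escaped variable value."""
    return re.sub(r"%\{([^}]+)\}", lambda m: escape_value(variables[m.group(1)]), template)

def search(filter_text, attributes):
    """Evaluate a filter of ANDed equality terms, the only form used in this example."""
    terms = [(a, unescape_value(v).lower())
             for a, v in re.findall(r"\(([A-Za-z]+)=([^()]*)\)", filter_text)]
    hits = []
    for entry in DIRECTORY:
        if all(v in [x.lower() for x in entry.get(a, [])] for a, v in terms):
            hits.append({a: entry.get(a, []) for a in attributes})
    return hits

def group_names(username):
    """Authentication filter first, then one Group lookup per memberOf value."""
    users = search(expand(AUTH_FILTER, {"Authentication:Username": username}), ["memberOf"])
    names = []
    for user in users:
        for dn in user["memberOf"]:
            for group in search(expand(GROUP_FILTER, {"memberOf": dn}), ["cn"]):
                names.extend(group["cn"])
    return names
```

Because each substituted value is escaped before it enters the filter, a group DN containing parentheses still resolves, and a username made of filter metacharacters is compared as a literal string rather than changing the query.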
Dell Networking W-ClearPass Policy Manager 6.6 | User Guide Authentication Methods and Sources | 215