Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-ClearPass Virtual Appliances

211

212

213

214

215

216

217

218

219

220

218 | Authentication Methods and Sources Dell Networking W-ClearPass Policy Manager 6.6 | User Guide

The following table describes the Configure Filter Page > Filter tab parameters:

Parameter Action/Description

Find Node To find a node, enter the DN, then click the Go button.

Select the attributes for

filter

This table has a Name and Value column. You can enter the attribute name in the

following two ways:

l By selecting a node, inspecting the attributes, and then manually entering the

attribute name by clicking on Click to add... in the table row.

l By selecting an attribute on the right hand side of the LDAP browser. The attribute

name and value are automatically populated in the table.

The attribute value can be a value that is automatically populated by selecting an

attribute from the browser, or it can be manually populated. To aid in populating the

value with dynamic session attribute values, a drop-down with the commonly used

namespace and attribute names is presented.

Table 102: Configure Filter Page > Filter Tab Parameters

Creating Filters

The goal of filter creation is to help Policy Manager find a user or device connecting to the network in LDAP or

Active Directory. To create a filter:

1. From the Filter tab, click on a node that you want to extract user or device information from.

For example, browse the Users container in Active Directory and select the node for a user (Alice, for

example). On the right hand side, you can view the attributes associated with that user.

2. Select the attributes that help Policy Manager identify the user or device.

For example, in Active Directory, an attribute called sAMAccountName stores the user ID.

The attributes that you select are automatically populated in the Filter table displayed below the browser

section with their values.

In this example, if you select sAMAccountName, the row in the Filter table shows this attribute with a

value of Alice (assuming you picked Alice’s record as a sample user node).

After Step 2, you can have values for a specific record (in this example, Alice’s record).

3. Change the value to a dynamic session attribute that helps Policy Manager associate a session with a

specific record in LDAP/Active Directory.

For example, if you selected the sAMAccountName attribute in Active Directory, click the Value field and

select %{Authentication:Username}.

When Policy Manager processes an authentication request, %{Authentication:Username} is populated

with the user ID of the user connecting to the network.

4. Add more attributes from the selected node and continue with Step 2.

Attributes Configuration

The Attributes tab defines the attributes to be fetched from the Active Directory or LDAP directory.

You can also enable each attribute as a role, which means the value fetched for this attribute can be used

directly in enforcement policies. For more information, see Configuring Enforcement Policies on page 371.