Administrator Guide
562 | Operator Logins Dell Networking W-ClearPass Guest 6.5.0 | User Guide
LDAP Translation Rules
LDAP translation rules specify how to determine operator profiles based on LDAP attributes for an
authenticated operator.
To create a new LDAP translation rule:
1. Go to Administration > Operator Logins > Translation Rules, and then click the Create new
translation rule link. The Edit Translation Rule form opens.
2. In the Name field, enter a self-explanatory name for the translation rule. In the example above, the
translation rule is to check that the user is an administrator, hence the name MatchAdmin.
3. Select the Enabled check box to enable this rule after you create it. If you do not select this check box, the
rule you create will appear in the rules list, but will not be active until you enable it.
4. Click the Matching rule drop-down list and select a rule. The Matching Rule field can be one of:
n (blank) – always matches
n contains – case-insensitive substring match anywhere in string
n matches – regular expression match, where the value is a Perl-compatible regular expression including
delimiters (for example, to match the regular expression “admin” case-insensitively, use the value
“/admin/i”; See "Regular Expressions" on page 616 for more details about regular expressions)
n equals – case-insensitive string comparison, matches on equality
n does not equal – case-insensitive string comparison, matches on inequality
n less than – numerical value is less than the match value
n greater than – numerical value is greater than the match value
n starts with – case-insensitive substring match at start of string
n ends with – case-insensitive substring match at end of string