Users Guide
Step Description
Step 3
Enter
value
(optional)
After Step 3, you have values for a specific record (Alice’s record, in this case). Change the
value to a dynamic session attribute that will help Policy Manager to associate a session with
a specific record in LDAP/AD. For example, if you selected the sAMAccountName attribute in
AD, click on the value field and select %{Authentication:Username}. When Policy Manager
processes an authentication request %{Authentication:Username} is populated with the user
ID of the user connecting to the network.
Step 4 Add more attributes from the node of interest and continue with Step 2.
Table 67:
Filter Creation Steps (Continued)
Attributes Tab
The Attributes tab defines the attributes to be fetched from Active Directory or LDAP directory. Each attribute can
also be “Enabled as Role,” which means the value fetched for this attribute can be used directly in Enforcement
Policies (See "Configuring Enforcement Policies" on page 281.)
Figure 113: AD/LDAP Configure Filter Attributes Tab
Parameter Description
Enter
values for
parameters
Policy Manager parses the filter query (created in the Filter tab and shown at the top of the
Attributes tab) and prompts to enter the values for all dynamic session parameters in the
query. For example, if you have %{Authentication:Username} in the filter query, you are
prompted to enter the value for it. You can enter wildcard character (*) here to match all
entries.
NOTE: If there are thousands of entries in the directory, entering the wildcard character (*)
can take a while to fetch all matching entries.
Table 68:
AD/LDAP Configure Filter Popup (Attributes Tab)
Dell Networking W-ClearPass Policy Manager 6.3 | User Guide Authentication and Authorization | 163