Dell PowerConnect W Clearpass 100 Software 3.7 Deployment Guide - Page 126
Administrator > Operator Logins > LDAP Translation Rules, CN=Administrators
View all Dell PowerConnect W Clearpass 100 Software manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 126 highlights
To create a new LDAP translation rule: 1. In the Name field, enter a self-explanatory name for the translation rule. In the example above the translation rule is to check that the user is an Administrator, hence the name MatchAdmin. 2. Select the Enabled check box to enable this rule once you have created it. If you do not select this check box, the rule you create will appear in the rules list, but will not be active until you enable it. 3. Click the Matching rule drop-down list and select a rule. The Matching Rule field can be one of: (blank) - always matches contains - case-insensitive substring match anywhere in string matches - regular expression match, where the value is a Perl-compatible regular expression including delimiters (for example, to match the regular expression "admin" case-insensitively, use the value "/admin/i"; See "Regular Expressions" in the Reference chapter for more details about regular expressions) equals - case-insensitive string comparison, matches on equality does not equal - case-insensitive string comparison, matches on inequality less than - numerical value is less than the match value greater than - numerical value is greater than the match value starts with - case-insensitive substring match at start of string ends with - case-insensitive substring match at end of string 4. Select a Value. The Value field states what is to be matched, in this case CN=Administrators to look for a specific group of which the user is a member. 5. Click the On Match drop-down list and select the action the system should take when there is a match. Your options here are to: Do nothing - makes no changes. Assign fixed operator profile - assigns the selected Operator Profile to the operator Assign attribute's value to operator field - uses the value of the attribute as the value for an operator field. This option can be used to store operator configuration details in the directory. Assign custom value to operator field - uses a template to assign a value to a specific operator field. Apply custom processing - evaluates a template that may perform custom processing on the LDAP operator. Remove attribute from operator - removes the selected LDAP attribute from the operator. 6. Click the Operator Profile drop-down list and select the profile to be assigned if there is a rule match. In the example shown above, if the Administrator group is matched, the Administrator profile is to be assigned. 7. Select the Fallthrough check box if you want to use multiple translation rules. When you create multiple rules, you can build a complete logical structure to perform any type of processing on the LDAP attributes available in your directory. 8. Click Save Changes to save your rule settings. The Administrator > Operator Logins > LDAP Translation Rules window shows a list of all configured translation rules. 126 | Operator Logins Amigopod 3.7 | Deployment Guide