Security

Hi,

Is there any documentation on the syntax and options that we can use in the Authentication source filters (for Active directory)?

For example this: (|(&(objectClass=user)(sAMAccountName=%{Authentication:Username}))(&(objectClass=user)(userPrincipalName=%{Authentication:Username})))

I want to learn how to read it. Why there is an OR operator in the beginning and not between the statements, how many statements can I have and so on.

Regards

Philip

That is an LDAP query, you'll need to look for resources on that for more information, but in this case you need to know that the logical operator proceeds the tests.

The AD query is looking for an account of objectClass user that has a sAMAccountName or userPrincipalName that matches the given username from the session. 

------------------------------
Carson Hulcher, ACEX#110
------------------------------

I found this site with explanations on the LDAP query syntax and a bunch of examples as well. Not a specific recommendation or the best site there is, just the first that I found with an internet search that seems to make sense.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

My resource from wayback: https://www.ldapexplorer.com/en/manual/109050000-famous-filters.htm

------------------------------
Carson Hulcher, ACEX#110
------------------------------

Original Message:
Sent: Feb 24, 2025 10:26 AM
From: Herman Robers
Subject: Clearpass authentication source filter explanation

I found this site with explanations on the LDAP query syntax and a bunch of examples as well. Not a specific recommendation or the best site there is, just the first that I found with an internet search that seems to make sense.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------