cancel
Showing results for 
Search instead for 
Did you mean: 

LDAP Group search on gidNumber

Highlighted
New Contributor

LDAP Group search on gidNumber

Hello,

    Does anyone have a working way to search for group assignments by POSIX (gidNumber) to match Pulse Connect Secure VPN users to for Role assignment?

Example user schema:

dn: dc=<MY-DOMAIN>,dc=<COM>
objectclass: dcObject
objectclass: organization
o: <MY ORGANIZATION>
dc: <MY-DOMAIN>

uidNumber: #
gidNumber: #
dn: cn=Manager,dc=<MY-DOMAIN>,dc=<COM>
objectclass: organizationalRole
cn: Manager


My current search filter (which doesn't seem to work).

dc=<MY-DOMAIN>,dc=<COM> (I've omitted the actual domain here)

gidNumber=*  or gidNumber=3001

 

Thanks!

3 REPLIES 3
Moderator

Re: LDAP Group search on gidNumber

Please add the gidNumber attribute to LDAP server catalog (accessible on the auth server page under Group membership section or role mapping while group membership is selected).

 

LDAP server catalog >> Attributes >> gidNumber >> Add.

 

Now, the VPN server will request the LDAP server to provide the value of gidNumber attribute while the user authenticates and you can create a custom expression/user attribute based role mapping rule with that.

 

Hope it helps. Smiley Happy

 

 

PCS Expert
Pulse Connect Secure Certified Expert
Highlighted
New Contributor

Re: LDAP Group search on gidNumber

I did manage to Add gidNumber. Now, unfortunately, Pulse doesn't have any documentation around how they interpret or use Expressions--that I could locate, anyway.

Highlighted
Moderator

Re: LDAP Group search on gidNumber

Go to Role mapping >> New rule >> Choose "Custom expressions" >> Update >> Click "Custom expressions" >> Enter any name for the expression >> Value as shown the screenshot and Save changes. Now you will be able to select the expression and map it to the user role.

 

Annotation 2020-06-06 163156.png

 

Annotation 2020-06-06 163413.pngAnnotation 2020-06-06 163538.png

PCS Expert
Pulse Connect Secure Certified Expert