Does anyone have a working way to search for group assignments by POSIX (gidNumber) to match Pulse Connect Secure VPN users for Role assignment?
Example user schema:
o: <MY ORGANIZATION>
My current search filter (which doesn't seem to work).
dc=<MY-DOMAIN>,dc=<COM> (I've omitted the actual domain here)
gidNumber=* or gidNumber=3001
Please add the gidNumber attribute to the LDAP server catalog (accessible on the auth server page under the Group membership section, or in role mapping while group membership is selected).
LDAP server catalog >> Attributes >> gidNumber >> Add.
Now, the VPN server will request the LDAP server to provide the value of the gidNumber attribute while the user authenticates, and you can create a custom expression/user-attribute-based role mapping rule with that.
Hope it helps.
I did manage to Add gidNumber. Now, unfortunately, Pulse doesn't have any documentation around how they interpret or use Expressions--that I could locate, anyway.
Go to Role mapping >> New rule >> Choose "Custom expressions" >> Update >> Click "Custom expressions" >> Enter any name for the expression >> Value as shown in the screenshot, and Save changes. Now you will be able to select the expression and map it to the user role.
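
For reference, the two filters quoted in the question behave differently under standard LDAP filter semantics (RFC 4515): `gidNumber=*` is a presence test that matches every entry carrying the attribute, while `gidNumber=3001` matches only that value. The sketch below is an added example, not part of the original thread and not Pulse Secure code; the directory entries and function names are constructed for illustration.

```python
# Added illustration of LDAP presence vs. equality filters on gidNumber.
# ENTRIES is constructed sample data, not taken from any real directory.
ENTRIES = [
    {"uid": "alice", "objectClass": ["posixAccount"], "gidNumber": ["3001"]},
    {"uid": "bob", "objectClass": ["posixAccount"], "gidNumber": ["3002"]},
    {"uid": "carol", "objectClass": ["posixAccount"], "gidNumber": ["3001"]},
    {"uid": "svc-print", "objectClass": ["account"]},  # no gidNumber at all
]


def parse_simple_filter(text):
    """Parse 'attr=value' or '(attr=value)'. A value of '*' means presence."""
    text = text.strip()
    if text.startswith("(") and text.endswith(")"):
        text = text[1:-1]
    attr, sep, value = text.partition("=")
    if not sep or not attr.strip() or not value.strip():
        raise ValueError(f"not a simple equality/presence filter: {text!r}")
    return attr.strip(), value.strip()


def matches(entry, attr, value):
    """Return True if the entry satisfies the simple filter (attr, value)."""
    # LDAP attribute names are case-insensitive.
    values = next((v for k, v in entry.items() if k.lower() == attr.lower()), None)
    if values is None:
        return False          # attribute absent: neither filter form matches
    if value == "*":
        return True           # presence filter: any value at all is a match
    if isinstance(values, str):
        values = [values]
    # Simplification: plain string comparison stands in for integerMatch.
    return value in values


def users_matching(filter_text, entries=ENTRIES):
    """List the uid of every entry the filter would select."""
    attr, value = parse_simple_filter(filter_text)
    return [e["uid"] for e in entries if matches(e, attr, value)]


if __name__ == "__main__":
    for f in ("gidNumber=*", "gidNumber=3001"):
        print(f"{f:16} -> {users_matching(f)}")
```

A role rule keyed on the presence form would apply to every account that has any gidNumber, so the exact-value form is the one that scopes a role to a single POSIX group.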