To create a new LDAP translation rule:
1. In the Name field, enter a self-explanatory name for the translation rule. In the example above the
translation rule is to check that the user is an Administrator, hence the name MatchAdmin.
2. Select the Enabled check box to enable this rule once you have created it. If you do not select this
check box, the rule you create will appear in the rules list, but will not be active until you enable it.
3. Click the Matching rule drop-down list and select a rule. The Matching Rule field can be one of:
   • (blank) – always matches
   • contains – case-insensitive substring match anywhere in string
   • matches – regular expression match, where the value is a Perl-compatible regular expression
     including delimiters (for example, to match the regular expression "admin" case-insensitively, use
     the value "/admin/i"; see "Regular Expressions" in the Reference chapter for more details about
     regular expressions)
   • equals – case-insensitive string comparison, matches on equality
   • does not equal – case-insensitive string comparison, matches on inequality
   • less than – numerical value is less than the match value
   • greater than – numerical value is greater than the match value
   • starts with – case-insensitive substring match at start of string
   • ends with – case-insensitive substring match at end of string
4. Select a Value. The Value field states what is to be matched, in this case CN=Administrators to look
for a specific group of which the user is a member.
5. Click the On Match drop-down list and select the action the system should take when there is a match.
Your options here are to:
   • Do nothing – makes no changes.
   • Assign fixed operator profile – assigns the selected Operator Profile to the operator.
   • Assign attribute's value to operator field – uses the value of the attribute as the value for an
     operator field. This option can be used to store operator configuration details in the directory.
   • Assign custom value to operator field – uses a template to assign a value to a specific operator
     field.
   • Apply custom processing – evaluates a template that may perform custom processing on the LDAP
     operator.
   • Remove attribute from operator – removes the selected LDAP attribute from the operator.
6. Click the Operator Profile drop-down list and select the profile to be assigned if there is a rule match.
In the example shown above, if the Administrator group is matched, the Administrator profile is to be
assigned.
7. Select the Fallthrough check box if you want to use multiple translation rules. When you create
multiple rules, you can build a complete logical structure to perform any type of processing on the LDAP
attributes available in your directory.
8. Click Save Changes to save your rule settings.
The Administrator > Operator Logins > LDAP Translation Rules window shows a list of all
configured translation rules.
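The matching rules from step 3, modeled as an added Python example (not Amigopod code) for checking which group DNs a Value would match before it is tied to a privileged operator profile. The sample DNs are constructed, the function names are hypothetical, each group value is assumed to be tested on its own, and Python's re module stands in for PCRE.

```python
import re

FLAGS = {"i": re.I, "m": re.M, "s": re.S, "x": re.X}  # modifiers handled here (assumption)

def compile_delimited(value):
    """Compile a delimited pattern such as "/admin/i" (Python re stands in for PCRE)."""
    if len(value) < 2 or value[0].isalnum() or value[0] in "\\ ":
        raise ValueError("pattern needs delimiters, e.g. /admin/i")
    end = value.rfind(value[0])
    if end == 0:
        raise ValueError("missing closing delimiter")
    flags = 0
    for ch in value[end + 1:]:
        if ch not in FLAGS:
            raise ValueError("unsupported modifier: " + ch)
        flags |= FLAGS[ch]
    return re.compile(value[1:end], flags)

# One entry per Matching Rule option; a = attribute value, v = rule Value.
RULES = {
    "": lambda a, v: True,
    "contains": lambda a, v: v.lower() in a.lower(),
    "matches": lambda a, v: compile_delimited(v).search(a) is not None,
    "equals": lambda a, v: a.lower() == v.lower(),
    "does not equal": lambda a, v: a.lower() != v.lower(),
    "less than": lambda a, v: float(a) < float(v),
    "greater than": lambda a, v: float(a) > float(v),
    "starts with": lambda a, v: a.lower().startswith(v.lower()),
    "ends with": lambda a, v: a.lower().endswith(v.lower()),
}

# Constructed memberOf values, not taken from any real directory.
SAMPLE_GROUPS = [
    "CN=Administrators,CN=Builtin,DC=example,DC=com",
    "CN=Administrators-ReadOnly,OU=Groups,DC=example,DC=com",
    "CN=Print Operators,CN=Builtin,DC=example,DC=com",
]

def groups_matched(rule, value, groups=SAMPLE_GROUPS):
    """Return the group DNs that a (Matching rule, Value) pair would match."""
    return [g for g in groups if RULES[rule](g, value)]

if __name__ == "__main__":
    # Substring match also catches the read-only group; the anchored regex does not.
    print(groups_matched("contains", "CN=Administrators"))
    print(groups_matched("matches", "/^CN=Administrators,/i"))
```

With these sample values, contains with CN=Administrators also selects the Administrators-ReadOnly group, while the anchored pattern /^CN=Administrators,/i selects only the intended one.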
126
| Operator Logins
Amigopod 3.7 | Deployment Guide