User Guide

OmniAccess SafeGuard OS Administration Guide
Chapter 6: Configuring Authentication and Role Derivation
(SafeGuardOS) (rulemap) # set system.roleName "specialPerson"
(SafeGuardOS) (rulemap) # end
(SafeGuardOS) (config) #
In this next example, the role name is set to whichever value in the list matched. Therefore,
matches for Sales are set to sales and matches for Engineering are set to engineering.
(SafeGuardOS) (config) # aaa rule-map alphaGroup
(SafeGuardOS) (rulemap) # operation or
(SafeGuardOS) (rulemap) # match ad.memberOf contains "Engineering"
(SafeGuardOS) (rulemap) # match ad.memberOf contains "Sales"
(SafeGuardOS) (rulemap) # match ad.memberOf contains "Exec"
(SafeGuardOS) (rulemap) # match ad.memberOf contains "FrontOffice"
(SafeGuardOS) (rulemap) # set system.roleName value-of system.matchedValue
(SafeGuardOS) (rulemap) # end
(SafeGuardOS) (config) #
Continuing or Stopping Assigning Roles
Depending on how the rule maps are structured, role assignment can either stop after
the first successful match or continue with further rule maps. The default action is to stop
evaluating rule maps after the first role assignment. Use the action statement in rule map
submode using this syntax:
action [continue | stop]
Syntax Description
continue    Specifies to continue processing rule maps to find more role matches.
stop        Specifies to stop processing rule maps.
Applying the Rule Map and Assigning a Precedence
The final step is to apply the rule map. Rule maps are evaluated in precedence order from
lowest number (1) to highest number (65535). It is possible to assign two rule maps to the
same precedence level. In this case, the evaluation order of the rule maps is not
predetermined. Assigning the same precedence level should only be done when the two
rule maps apply to completely distinct groups of people.
Use the aaa rule-map apply command in Global Configuration mode using the following
syntax:
aaa rule-map apply rule_name (precedence number)
Syntax Description
rule_name   Name of the rule map that is being bound.
number      Specifies the precedence order for the rule map. Valid values are 1 through
            65535, with 1 being the highest precedence value.
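The following Python sketch is an added example, not code from this guide or from the product. It models the evaluation order described above and flags users for whom two rule maps at the same precedence level both match, which is the case the guide says to avoid. Assumptions: "contains" is a plain substring test, the first listed group wins within a rule map, roles accumulate under action continue, and the rule maps contractors and auditTag and all memberOf values are constructed.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass
class RuleMap:
    name: str
    precedence: int        # 1 (evaluated first) through 65535
    groups: tuple          # values tested with "match ad.memberOf contains"
    role: str = ""         # fixed role; "" models value-of system.matchedValue
    action: str = "stop"   # the guide's default: stop after first assignment

def matched_value(rm, member_of):
    """'operation or': first listed group contained in any memberOf value.
    Assumption: plain substring test, first listed group wins."""
    for group in rm.groups:
        if any(group in value for value in member_of):
            return group
    return None

def derive_roles(rule_maps, member_of):
    """Walk rule maps from lowest precedence number to highest.
    Assumption: roles accumulate while rule maps use 'action continue'."""
    roles = []
    for rm in sorted(rule_maps, key=lambda r: r.precedence):
        hit = matched_value(rm, member_of)
        if hit is None:
            continue
        roles.append(rm.role or hit)
        if rm.action == "stop":
            break
    return roles

def precedence_conflicts(rule_maps, member_of):
    """Pairs of rule maps at one precedence level that both match this user,
    i.e. cases where the result depends on an undetermined evaluation order."""
    return [(a.name, b.name) for a, b in combinations(rule_maps, 2)
            if a.precedence == b.precedence
            and matched_value(a, member_of) and matched_value(b, member_of)]

# Constructed sample data: alphaGroup is from the guide, the rest is hypothetical.
ALPHA = RuleMap("alphaGroup", 20, ("Engineering", "Sales", "Exec", "FrontOffice"))
CONTRACT = RuleMap("contractors", 20, ("Contractors",), role="contractor")
AUDIT = RuleMap("auditTag", 10, ("Exec",), role="audited", action="continue")
RULE_MAPS = [ALPHA, CONTRACT, AUDIT]

ENGINEER = ["CN=Engineering,OU=Groups,DC=example,DC=com"]
EXEC = ["CN=Exec,OU=Groups,DC=example,DC=com"]
MIXED = ["CN=Sales,OU=Groups,DC=example,DC=com",
         "CN=Contractors,OU=Groups,DC=example,DC=com"]
```

Running precedence_conflicts over an export of real directory memberships before applying rule maps shows whether any user falls into two rule maps that share a precedence level.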