ArubaOS and Controllers

New Contributor

LDAP server rules with openldap


I am running successfully LDAP authentication against openldap. I am trying to use server roles to apply policy based on user group membership.

Unfortunately in this configuration the user group member ships (like in AD,Novell implementation) are not under the user entry. However opneldap 2.4 supports Reverse Group Membership via slapo-memberof overlay. See:

But, the problem with slapo-memberof is that the memberOf attribute is an operational attribute, so it must be requested explicitly.

Therefore, I cannot see memberOf attribute via "aaa query-user server user" command.

Based on my testing, the ArubaOS does not call configured server rule attributes explicitly, is that correct conclusion?

Is there any workaround in ArubaOS? Can I do user group membership lookups from the other branches (groupOfNames schema)? Or am I forced to maintain aruba related groups under the user entry?

BR, Teemu
Guru Elite

aaa query user

You can only write rules based on what is returned by the aaa query user command.

Maybe someone else has some other ideas on how to do this.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: