ArubaOS and Controllers

New Contributor
Posts: 2
Registered: ‎08-29-2010

Novell eDirectory

Hi All.

I'm trying to authenticate my WiFi users off a Novell eDirectory server, through a captive portal, i.e. users log on to the wireless network >> get to captive portal >> input their Novell user and password details >> controller authenticates the user off the Novell backend.

At the moment I'm just not sure on what details would be required under the LDAP server settings. The installation guide doesn't help much either.

Thanks for your help.

Hein
Guru Elite
Posts: 20,410
Registered: ‎03-29-2007

Novell Edirectory


To set up an LDAP server to Novell Edirectory you need:

- The IP address of the server
- The TCP port for authentication (typically 389)
- The Admin DN - The fully qualified name of a user who has read rights to the directory
- The Admin password - The password of that user
- The Base DN - The container to start searching for users to authenticate
- The Key attribute - This parameter determines what attribute is the user's username in Edirectory - This is either cn, or uid.

After you set up an LDAP server with those attributes, you create a server group and add that LDAP server to it. After that, you add that server group to the Captive Portal Authentication Profile (Captive Portal instance) that you are using to authenticate users. You would do it on the command line like this:

config t
aaa authentication-server ldap "test-ldap"
   host 152.32.5.222
   admin-dn "cn=admin,o=chowan"
   admin-passwd 88a6a71bd0e921ce01640e2b51f6d860ff37e02b989e0b0e
   authport 636
   base-dn "o=chowan"
   key-attribute "cn"
!
aaa server-group "cp-ldap-gp"
   auth-server test-ldap
!
aaa authentication captive-portal "user-auth"
   server-group cp-ldap-gp


You would then test the LDAP server using the aaa test-server option on the diagnostics tab.


Colin Joseph
Aruba Customer Engineering


Occasional Contributor II
Posts: 44
Registered: ‎10-06-2009

Re: Novell eDirectory

We're a Novell shop, and I have this working in my environment...

I use secure LDAP (or LDAP via SSL) on port 636. By default, Novell LDAP won't accept connections on port 389 and you cannot send data in clear text.

The biggest challenge I initially had was the key attribute, which should be cn for a Novell LDAP source.

If you have issues it may be worth starting a trace screen on your LDAP server with all the verbose LDAP debugging stuff turned on.

-Matt
New Contributor
Posts: 2
Registered: ‎08-29-2010

Solved

Thanks Colin and Matt.

Managed to get it working after spending some time with the customer's Novell expert.
I guess it was a matter of getting the right values for Admin and Base-DN along with the Key Attribute, as noted.

I guess it's time to get myself educated as far as LDAP is concerned.

Best regards

Hein
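
Added example, not written by any poster in this thread and not Aruba or Novell tooling: shell functions that check the values discussed above (host and port, admin DN, base DN, key attribute) from an admin workstation before they go into the controller. It assumes OpenLDAP's `ldapsearch` and `ldapwhoami` are installed and that the lookup is an admin-DN search followed by a bind as the user; every host, DN and function name is a placeholder.

```shell
#!/bin/sh
# Added example. Hosts, DNs and function names are placeholders (assumptions).
# For ldaps://, point LDAPTLS_CACERT at the directory's exported CA certificate.

# Escape a username for an LDAP search filter (RFC 4515): \ * ( ) -> \5c \2a \28 \29
ldap_escape() {
    printf '%s' "$1" |
        sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Filter used to find the user: (<key-attribute>=<username>), e.g. (cn=jdoe).
ldap_user_filter() {
    key_attr=$1 user=$2
    case $key_attr in
        ''|*[!A-Za-z0-9-]*) echo "bad key attribute: $key_attr" >&2; return 1 ;;
    esac
    printf '(%s=%s)\n' "$key_attr" "$(ldap_escape "$user")"
}

# Port 636 is LDAP over SSL (ldaps://); any other port is treated as plain ldap://.
ldap_uri() {
    if [ "$2" = 636 ]; then scheme=ldaps; else scheme=ldap; fi
    printf '%s://%s:%s\n' "$scheme" "$1" "$2"
}

# Usage: check_ldap_settings HOST PORT ADMIN_DN BASE_DN KEY_ATTR USERNAME
# 1) bind as the admin DN and search the base DN for the user;
# 2) bind as the DN that was found, with the user's own password.
# -W prompts for each password, so neither appears in argv or shell history.
check_ldap_settings() {
    uri=$(ldap_uri "$1" "$2"); admin_dn=$3; base_dn=$4
    filter=$(ldap_user_filter "$5" "$6") || return 1
    echo "Admin DN password (search $base_dn for $filter):" >&2
    user_dn=$(ldapsearch -x -LLL -o ldif-wrap=no -H "$uri" -D "$admin_dn" -W \
        -b "$base_dn" -s sub "$filter" 1.1 | sed -n 's/^dn: //p')
    count=$(printf '%s\n' "$user_dn" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "expected 1 entry, got $count: check admin-dn, base-dn, key-attribute" >&2
        return 1
    fi
    echo "Found $user_dn. User password:" >&2
    ldapwhoami -x -H "$uri" -D "$user_dn" -W
}

# check_ldap_settings 192.0.2.10 636 "cn=ldapproxy,o=example" "o=example" cn jdoe
```

A result of zero entries points at the base DN or key attribute; a failure on the first bind points at the admin DN or its password.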