Occasional Contributor I
Posts: 9
Registered: ‎12-27-2011

Airwave 7.5 and LDAP authentication

Is there any detailed information regarding set up of LDAP authentication for Airwave 7.5.x?

Moderator
Posts: 1,229
Registered: ‎10-16-2008

Re: Airwave 7.5 and LDAP authentication

What kind of details are you looking for?

If you're looking for how to add your LDAP into AMP so that you can log in to AMP using LDAP auth, this can be done from the AMP Setup -> Authentication tab -> expand LDAP Configuration table.

Note, if you want AMP to check your LDAP before it checks the AMP Database, then you'll want to set 'Authentication Priority' to remote. The setting is set to local by default which looks for users that are on the AMP Setup -> Users tab.

A good practice is to leave at least 1 user in the local AMP database in case the LDAP auth host goes down or loses connectivity to AMP.

Here's the excerpt from the 7.5 User Guide page 51:

~~~~~~~~~~~~~~~

Configuring LDAP Authentication and Authorization
LDAP (Lightweight Directory Access Protocol) provides users with a way of accessing and maintaining distributed directory information services over a network. When LDAP is enabled, a client can begin a session by authenticating against an LDAP server which by default is on TCP port 389.

Perform these steps to configure RADIUS authentication:

1. Go to the AMP Setup > Authentication page.
2. Select the Yes radio button to enable LDAP authentication and authorization. Once enabled, the available LDAP configuration options will display.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Occasional Contributor I
Posts: 9
Registered: ‎12-27-2011

Re: Airwave 7.5 and LDAP authentication

I'm trying to log in to AMP via LDAP authentication. So far, I've set up LDAP according to the setting you mentioned below in the user guide, but I'm just getting back a login not found error.

Is there a log on the AMP server that will help further diagnose what is being sent to the LDAP server?

Thanks

Moderator
Posts: 1,229
Registered: ‎10-16-2008

Re: Airwave 7.5 and LDAP authentication

Check the following logs:

/var/log/messages

/var/log/httpd/access_log

/var/log/pound

The messages log should report if your AMP is finding the LDAP server. The access_log should show login attempts and how they are routed through Apache. The pound log may also catch some information not reported in the access_log.

You may want to try doing a tcp dump to see that the LDAP and AMP are talking. Make sure your firewall isn't blocking the traffic.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Aruba Employee
Posts: 12
Registered: ‎10-24-2012

Re: Airwave 7.5 and LDAP authentication

Can you paste what you have in your configuration already? For LDAP and also your role mappings.

Someone did a nice little YouTube video here: http://www.youtube.com/watch?v=reE-GSWZf_U

I had some issues getting it to work as well:

If you are using AD and the user exists in a subdomain, you need to point AMP to a global catalog server and change the port to 3268. Otherwise you cannot browse subdomains. This is important if your Base DN is set to the Domain root and you have sub.root.com and the user exists there.

I think the main trick is that for Role Attribute, they want to know what attribute to look at in LDAP to match to a Role.

So you can put in for instance "Description"

Then in LDAP change the users description field to "Airwave Admin"

Then go back to AMP and create a role with the name "Airwave Admin" and give it an AMP role.
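
Added example (not part of the thread and not AirWave's own code): an offline Python pre-check of the two points in the reply above, choosing port 389 or 3268 from the Base DN and the user's DN, and matching the Role Attribute value to an AMP role name. The DNs, host name, bind account and role names are constructed samples; the exact-match rule and the sAMAccountName filter are assumptions about how the lookup behaves.

```python
import re
import shlex

LDAP_PORT, GC_PORT = 389, 3268  # the two ports named in the thread

def dc_labels(dn):
    """Return the DC= components of a DN as lowercase DNS labels."""
    rdns = re.split(r"(?<!\\),", dn)  # split on unescaped commas only
    pairs = (r.split("=", 1) for r in rdns if "=" in r)
    return [v.strip().lower() for k, v in pairs if k.strip().lower() == "dc"]

def pick_port(base_dn, user_dn):
    """389 when the user is in the Base DN's own domain, 3268 for a subdomain."""
    base, user = dc_labels(base_dn), dc_labels(user_dn)
    if not base or user[-len(base):] != base:
        raise ValueError("user DN is not under the Base DN")
    return LDAP_PORT if len(user) == len(base) else GC_PORT

def resolve_role(entry, role_attribute, amp_roles):
    """Return the AMP role named by the entry's role attribute, else None."""
    for attr, values in entry.items():
        if attr.lower() == role_attribute.lower():  # attribute names ignore case
            for value in values:
                if value.strip() in amp_roles:  # assumption: exact name match
                    return value.strip()
    return None

def escape_filter(value):
    """Escape RFC 4515 special characters before building a search filter."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)

def ldapsearch_command(host, port, bind_dn, base_dn, login, role_attribute):
    """Build an ldapsearch call; assumes users match on sAMAccountName (AD)."""
    args = ["ldapsearch", "-x", "-H", f"ldap://{host}:{port}", "-D", bind_dn,
            "-W", "-b", base_dn, f"(sAMAccountName={escape_filter(login)})",
            role_attribute]
    return " ".join(shlex.quote(a) for a in args)

# Constructed sample data, modelled on the post (root.com / sub.root.com).
BASE_DN = "DC=root,DC=com"
USER_DN = "CN=Jane Doe,OU=Staff,DC=sub,DC=root,DC=com"
ENTRY = {"description": ["Airwave Admin"]}  # what the directory returns
AMP_ROLES = {"Airwave Admin", "Read Only"}  # role names created in AMP

if __name__ == "__main__":
    port = pick_port(BASE_DN, USER_DN)
    print(resolve_role(ENTRY, "Description", AMP_ROLES))
    print(ldapsearch_command("gc.root.com", port, "CN=svc-amp,DC=root,DC=com",
                             BASE_DN, "jdoe", "description"))
```

Running the printed `ldapsearch` command from the AMP host shows whether the directory returns the user and the role attribute at all, independently of the AMP login page.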

 

 

 
