Contributor II

LDAP Authentication to Airwave Questions

  1. Is it possible to have both RADIUS and LDAP Authentication working on the same Airwave server?
  2. Is LDAPS (LDAP over SSL) supported?
  3. Can you use a different port (636 instead of 389) for LDAPS?

Thanks.

Neil

--
Neil Johnson
Moderator

Re: LDAP Authentication to Airwave Questions

1) Yes, you can do multiple remote access servers.  The order will be RADIUS:TACACS:LDAP:LocalDB when remote auth is preferred.  Known feature request to allow choosing the order, not enough customer interest to push it beyond the Product team.

2) Yes, LDAP-S is supported, with option to validate server certs.

3) Yes, you can choose different port.

This is all controlled from the AMP Setup -> Authentication tab.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company
Contributor II

Re: LDAP Authentication to Airwave Questions

Here is the solution I worked out with TAC.

  1. You can only have ONE authentication method enabled at a time.
    So I had to Disable RADIUS authentication because I wanted to use LDAP. I was hoping to use both because our Network team prefers using RADIUS to authenticate, but our Help Desk uses LDAP.

  2. You must use LDAP with start-tls or clear-text authentication.
    If I try to use ldap-s the AMP server doesn't even initiate any outbound traffic to the LDAP server.

  3. You must use the fully qualified BIND DN name. user@ldapserver.com doesn't work.
  4. Make sure the account you are logging in with is in the right search DN.

That's it. Everything is working now (except for RADIUS authentication).

-Neil

--
Neil Johnson
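
Points 3 and 4 of the post above can be checked offline before changing the AMP settings. The following is an added example, not part of the original thread and not Airwave code: it tests whether a bind identity is a full DN rather than a `user@domain` name, and whether an account's DN sits under the configured search base. The DNs under `example.com` are constructed sample values, and case-insensitive value matching is an assumption.

```python
def split_rdns(dn):
    """Split a DN on unescaped commas (RFC 4514 backslash escapes)."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts

def normalize(dn):
    """Return [(attr, value), ...] lower-cased, or None if not a DN.
    Multi-valued RDNs (a+b) are compared as one string (simplification)."""
    rdns = []
    for part in split_rdns(dn):
        attr, sep, value = part.partition("=")
        attr, value = attr.strip().lower(), value.strip().lower()
        if not sep or not attr or not value:
            return None
        rdns.append((attr, value))
    return rdns

def is_full_dn(identity):
    """True for 'cn=...,dc=...' style identities, False for user@domain."""
    return normalize(identity) is not None

def is_under_base(user_dn, base_dn):
    """True if user_dn is strictly below base_dn in the directory tree."""
    user, base = normalize(user_dn), normalize(base_dn)
    if user is None or base is None:
        return False
    return len(user) > len(base) and user[-len(base):] == base

if __name__ == "__main__":
    bind = "cn=svc-amp,ou=Service Accounts,dc=example,dc=com"   # constructed
    user = "cn=Smith\\, Jo,ou=HelpDesk,dc=example,dc=com"       # constructed
    print(is_full_dn(bind), is_full_dn("user@ldapserver.com"))
    print(is_under_base(user, "ou=HelpDesk,dc=example,dc=com"))
    print(is_under_base(user, "ou=Network,dc=example,dc=com"))
```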