Network Management


LDAP usage in Airwave 7.5

  • 1.  LDAP usage in Airwave 7.5

    Posted Aug 03, 2012 08:02 PM

    I recently upgraded an Airwave instance to 7.5 and was happy to see LDAP integration baked into the product. Is there a way to filter LDAP groups into admin or read-only roles within Airwave? At this point it seems that the LDAP integration is a simple yes or no authentication check.

     

    Thanks for the help!

     

    -Mike



  • 2.  RE: LDAP usage in Airwave 7.5

    EMPLOYEE
    Posted Aug 03, 2012 08:27 PM

    Mike:

     

    In the LDAP section on the AMP Authentication page there is a field called "RoleAttribute" that you can configure as the LDAP attribute which has the AMP role in it. You can have two different AMP roles configured on AMP and use them to populate in the LDAP database. Let me know if you need detailed instructions and I can ask our QA team. I am also working with our support teams to include that information in our knowledge base.

     

    Thanks
    Sujatha

     



  • 3.  RE: LDAP usage in Airwave 7.5

    Posted Aug 03, 2012 09:54 PM

    Hi Sujatha,

     

    Do you know if a future AMP update will give you the ability to set roles based on the DN? If not, I'd have to make a schema change to Active Directory to add a new attribute. It would be much easier to set a role based on a regex of the DN or based on an LDAP group.

     

    Thanks!

     

    -Mike



  • 4.  RE: LDAP usage in Airwave 7.5

    Posted Aug 20, 2012 01:58 PM

    Hi Sujatha,

     

    Can you provide some tech detail on the role attribute? I am working on adding the LDAP here with two groups, admin and monitor only. It will be nice to differentiate both groups.

     

    Thank you



  • 5.  RE: LDAP usage in Airwave 7.5

    Posted Aug 22, 2012 02:36 PM

    I understand your requirement as you need two sets of users to be authenticated via LDAP for AMP usage with different authorization, i.e. admin and monitor only.

     

    You will need to set up your LDAP in such a way that each authorized DN returns an attribute that matches the role defined on AMP (with exact case matching).

     

    Say DN cn=nms_admin,cn=users,dc=domain,dc=com is to be authorized as admin on Airwave, then

    1) ensure that one of the attributes say 'AmpRole' has value 'Admin' configured in LDAP for this DN.

    2) while doing LDAP configuration provide 'Role Attribute:' as 'AmpRole'

     

    Similarly,

    say DN cn=nms_helpdesk,cn=users,dc=domain,dc=com is to be authorized as 'Read-Only Monitoring & Auditing' on Airwave, then

    1) ensure that one of the attributes say 'AmpRole' has value 'Read-Only Monitoring & Auditing' configured in LDAP for this DN.

    2) while doing LDAP configuration provide 'Role Attribute:' as 'AmpRole'

     

    Hope this helps.

    Ava.
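
A pre-flight check for the setup described in the last post, added here as an example (not part of the thread and not Aruba's code): it reads an LDIF export of the accounts and reports every DN whose role attribute would not match an AMP role under exact, case-sensitive comparison. The attribute name `AmpRole` and the two role names are the ones used in the thread; the LDIF export, the helper names and the `nms_typo`, `nms_norole` and `nms_b64` entries are assumptions constructed for illustration.

```python
import base64

# Role names used in the thread; the comparison is exact, including case.
AMP_ROLES = {"Admin", "Read-Only Monitoring & Auditing"}
ROLE_ATTRIBUTE = "AmpRole"  # example attribute name used in the thread

SAMPLE_LDIF = (  # constructed sample, not real directory data
    "dn: cn=nms_admin,cn=users,dc=domain,dc=com\nAmpRole: Admin\n\n"
    "dn: cn=nms_helpdesk,cn=users,dc=domain,dc=com\n"
    "AmpRole: Read-Only Monitoring\n  & Auditing\n\n"   # folded LDIF line
    "dn: cn=nms_typo,cn=users,dc=domain,dc=com\nAmpRole: admin\n\n"
    "dn: cn=nms_norole,cn=users,dc=domain,dc=com\ncn: nms_norole\n\n"
    "dn: cn=nms_b64,cn=users,dc=domain,dc=com\nAmpRole:: QWRtaW4g\n"  # "Admin " + space
)

def parse_ldif(text):
    """Return {dn: {attr_lower: [values]}}; handles folded lines and base64 values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # continuation: drop the single fold space
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        name, sep, rest = line.partition(":")
        if not sep or line.startswith("#"):
            continue                      # blank line or comment
        b64 = rest.startswith(":")        # "attr:: <base64>" form
        value = base64.b64decode(rest[1:].strip()).decode() if b64 else rest.lstrip(" ")
        if name.lower() == "dn":
            current = entries.setdefault(value, {})
        elif current is not None:
            current.setdefault(name.lower(), []).append(value)
    return entries

def audit_roles(entries, role_attr=ROLE_ATTRIBUTE, roles=AMP_ROLES):
    """Map each DN to 'ok', or to the reason its value will not match an AMP role."""
    findings = {}
    for dn, attrs in entries.items():
        values = attrs.get(role_attr.lower(), [])
        if len(values) != 1:
            # The thread covers one value per DN only, so anything else is flagged.
            findings[dn] = "missing" if not values else "multiple values"
        elif values[0] in roles:
            findings[dn] = "ok"
        else:
            findings[dn] = "no exact match for %r" % values[0]
    return findings
```

Calling `audit_roles(parse_ldif(SAMPLE_LDIF))` flags the lowercase `admin`, the account with no role attribute, and the base64-encoded value that carries a trailing space.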