MVP
Posts: 371
Registered: ‎01-14-2010

LDAP usage in Airwave 7.5

I recently upgraded an Airwave instance to 7.5 and was happy to see LDAP integration baked into the product. Is there a way to filter LDAP groups into admin or read-only roles within Airwave? At this point it seems that the LDAP integration is a simple yes or no authentication check.

 

Thanks for the help!

 

-Mike

Moderator
Posts: 43
Registered: ‎04-25-2009

Re: LDAP usage in Airwave 7.5

Mike:

 

In the LDAP section on the AMP Authentication page there is a field called "RoleAttribute" that you can configure as the LDAP attribute which has the AMP role in it. You can have two different AMP roles configured on AMP and use them to populate in the LDAP database. Let me know if you need detailed instructions and I can ask our QA team. I am also working with our support teams to include that information in our knowledge base.

 

Thanks
Sujatha

 

MVP
Posts: 371
Registered: ‎01-14-2010

Re: LDAP usage in Airwave 7.5

Hi Sujatha,

 

Do you know if a future AMP update will give you the ability to set roles based on the DN? If not, I'd have to make a schema change to Active Directory to add a new attribute. It would be much easier to set a role based on a regex of the DN or based on an LDAP group.

 

Thanks!

 

-Mike

Contributor I
Posts: 76
Registered: ‎05-14-2009

Re: LDAP usage in Airwave 7.5

Hi Sujatha,

 

Can you provide some tech detail on the role attribute? I am working on adding the LDAP here with two groups, admin and monitor only. It will be nice to differentiate both groups.

 

Thank you

Aruba Employee
Posts: 3
Registered: ‎12-08-2011

Re: LDAP usage in Airwave 7.5

I understand your requirement as you need two sets of users to be authenticated via LDAP for AMP usage with different authorization, i.e. admin and monitor only.

 

You will need to set up your LDAP in such a way that each authorized DN returns an attribute that matches the role defined on AMP (with exact case matching).

 

Say DN cn=nms_admin,cn=users,dc=domain,dc=com is to be authorized as admin on Airwave, then:

1) Ensure that one of the attributes, say 'AmpRole', has the value 'Admin' configured in LDAP for this DN.

2) While doing the LDAP configuration, provide 'Role Attribute:' as 'AmpRole'.

 

Similarly, say DN cn=nms_helpdesk,cn=users,dc=domain,dc=com is to be authorized as 'Read-Only Monitoring & Auditing' on Airwave, then:

1) Ensure that one of the attributes, say 'AmpRole', has the value 'Read-Only Monitoring & Auditing' configured in LDAP for this DN.

2) While doing the LDAP configuration, provide 'Role Attribute:' as 'AmpRole'.

 

Hope this helps.

Ava.
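
Because the role attribute has to match an AMP role name with exact case, a pre-deployment check of the directory export catches entries that would not map to the intended role. The script below is an added example, not part of the thread or of AMP; it assumes the accounts are available as an LDIF export and uses the 'AmpRole' attribute name and the two role names mentioned above.

```python
import base64
# Assumptions: role and attribute names from the thread; the LDIF is constructed sample data.
AMP_ROLES = {"Admin", "Read-Only Monitoring & Auditing"}
ROLE_ATTR = "AmpRole"
SAMPLE_LDIF = """\
dn: cn=nms_admin,cn=users,dc=domain,dc=com
AmpRole: Admin

dn: cn=nms_helpdesk,cn=users,dc=domain,dc=com
AmpRole: read-only monitoring & auditing

dn: cn=nms_guest,cn=users,dc=domain,dc=com

dn: cn=nms_ops,cn=users,dc=domain,dc=com
AmpRole:: QWRtaW4=
AmpRole: Read-Only Monitoring & Auditing
"""

def parse_ldif(text):
    """Yield (dn, {attr_lower: [values]}); handles line folding and base64."""
    for block in text.strip().split("\n\n"):
        lines = []
        for raw in block.splitlines():
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]              # folded continuation line
            elif raw and not raw.startswith("#"):
                lines.append(raw)
        entry = {}
        for line in lines:
            attr, _, value = line.partition(":")
            if value.startswith(":"):             # "attr:: <base64>"
                value = base64.b64decode(value[1:]).decode("utf-8")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in entry:
            yield entry.pop("dn")[0], entry

def audit_roles(text, roles=AMP_ROLES, attr=ROLE_ATTR):
    """Return {dn: verdict}; only an exact, case-sensitive match is 'ok'."""
    by_lower = {r.lower() for r in roles}
    report = {}
    for dn, entry in parse_ldif(text):
        values = entry.get(attr.lower(), [])
        if len(values) != 1:
            report[dn] = "multi-valued" if values else "missing"
        elif values[0] in roles:
            report[dn] = "ok"
        else:
            report[dn] = "case-mismatch" if values[0].lower() in by_lower else "unknown-role"
    return report
```

Any verdict other than "ok" is worth resolving in the directory before enabling the role attribute, since the thread does not say how AMP treats a missing, ambiguous or mismatched value.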
