06-14-2014 08:25 AM
After integrating controller with active directory can I create roles based on active directory group membership for example
IT group can have full access to everything but accountatnt have no access at all.
06-14-2014 08:39 AM
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
06-22-2014 05:48 AM - edited 06-22-2014 06:19 AM
You can't do that with straight up ldap as far as I know. EDIT: I stand corrected, see below.
You can however set up a radius server (Clearpass, NPS, .. ) and use that to return roles depending on AD group membership.
With an Aruba controller you can have your radius server return the aruba vsa aruba-user-role (amongs many more) to have this applied to the user. No need to go into server derivation rules and the likes even.
-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
06-22-2014 06:15 AM
You can change a device's role based on an attribute in with LDAP:
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base