06-17-2014 08:08 AM
Hi, I have some questions regarding Captive Portal and LDAP roles.
1. Can a user authenticate with Captive Portal once without re-authenticating?
2. With OpenLDAP, can the controller set the user role from attributes in LDAP?
06-17-2014 04:45 PM
1. You cannot do it once and have the user never reauthenticate, but you can extend the period of time the user can remain idle on a captive portal without being forced to reauthenticate in ArubaOS 6.3 and above. The "user idle timeout" parameter on the Captive Portal authentication profile determines this: http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/Captive_Portal/Captive_Portal_Authentic.htm
2. You can do that, but you first need to find out what attribute you are looking for by using the "aaa query-user" command: http://community.arubanetworks.com/t5/Command-of-the-Day/COTD-Debugging-LDAP/m-p/91/highlight/true#M40
After you use that command, in the server group that the LDAP server is in, you write a user derivation command looking for the output of whatever group attribute you are looking for. In the example below the LDAP server is an AD server and it stores group membership in the memberOf attribute. I look for Student or Doctor in that attribute and change the role of the authenticated user based on that returned attribute:
Aruba Customer Engineering
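The role derivation described in the answer above, modelled in Python as an added example that is not part of the original post and is not controller code. It goes one step beyond the answer by comparing a substring match on memberOf with a match on the group's CN only; the first-match rule order, the `group-cn` operator, the `guest` default role and all sample users are assumptions constructed for illustration.

```python
# Added example: simplified model of ordered role-derivation rules.
# Assumptions: first matching rule wins, matching is case-sensitive.
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    attribute: str  # LDAP attribute to inspect, e.g. memberOf
    op: str         # "contains" (substring) or hypothetical "group-cn"
    value: str
    role: str

def group_cn(dn: str) -> str:
    """Return the leading CN of a DN, or '' if the first RDN is not a CN."""
    first = re.split(r"(?<!\\),", dn, maxsplit=1)[0].strip()
    key, _, val = first.partition("=")
    return val.strip() if key.strip().lower() == "cn" else ""

def derive_role(attrs: dict, rules: list, default_role: str) -> str:
    """Walk the rules in order and return the role of the first match."""
    for rule in rules:
        for value in attrs.get(rule.attribute, []):
            if rule.op == "contains" and rule.value in value:
                return rule.role
            if rule.op == "group-cn" and group_cn(value) == rule.value:
                return rule.role
    return default_role  # no rule matched: fall back to the least-privileged role

SUBSTRING_RULES = [Rule("memberOf", "contains", "Doctor", "doctor"),
                   Rule("memberOf", "contains", "Student", "student")]
EXACT_RULES = [Rule("memberOf", "group-cn", "Doctor", "doctor"),
               Rule("memberOf", "group-cn", "Student", "student")]

# Constructed sample directory entries (not from the original post).
USERS = {
    "alice": {"memberOf": ["CN=Student,OU=Groups,DC=example,DC=edu"]},
    "bob":   {"memberOf": ["CN=Doctor,OU=Groups,DC=example,DC=edu"]},
    # Group name merely contains the word "Student".
    "carol": {"memberOf": ["CN=Student-Helpdesk-Contractors,OU=Groups,DC=example,DC=edu"]},
    # The OU, not the group, contains the word "Doctor".
    "dave":  {"memberOf": ["CN=Printers,OU=Doctor Offices,DC=example,DC=edu"]},
    "erin":  {},  # attribute not returned at all
}

if __name__ == "__main__":
    for name, attrs in USERS.items():
        print(name, derive_role(attrs, SUBSTRING_RULES, "guest"),
              derive_role(attrs, EXACT_RULES, "guest"))
```

With the substring rules, carol and dave receive the student and doctor roles because the word appears somewhere in the DN; checking the values that "aaa query-user" actually returns before writing the rule shows how specific the match string needs to be.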