Wireless Access

Reply
New Contributor
Posts: 3
Registered: ‎03-07-2014

Captive Portal & LDAP Role Questions

Hi, I have some question regard to Captive Portal and LDAP Role.

 

1. Can a user authenticated with Captive Portal once without re-authen ?

2. With OpenLDAP, Can Controller set user role from attributes in LDAP ?

Guru Elite
Posts: 21,489
Registered: ‎03-29-2007

Re: Captive Portal & LDAP Role Questions

1.  You cannot do it once and have the user never reauthenticate, but you can extend the period of time user user can remain idle on a captive portal without being forced to reauthenticate in ArubaOS 6.3 and above:  The "user idle timeout" parameter on the Captive Portal authentication profile determines this:  http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/Captive_Portal/Captive_Portal_Authentic.htm

 

2. You can do that, but you first need to find out what attribute you are looking for by using the "aaa query-user command"  http://community.arubanetworks.com/t5/Command-of-the-Day/COTD-Debugging-LDAP/m-p/91/highlight/true#M40

After you use that command In your server group that the LDAP server is in, you write a user derivation command in your server group looking for the output of whatever group attribute you are looking for.  In the example below the LDAP server is an AD server and it stores group membership in the memberOf attribute.  I look for Student or Doctor in that attribute and change the Role of the authenticated user based on that returned attribute;

ldap.png

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 3
Registered: ‎03-07-2014

Re: Captive Portal & LDAP Role Questions

Hi, Thank you. I still have some question about idle time

 

What is it count from ? one a user successful login or when they has no activity on WLAN ?

Guru Elite
Posts: 21,489
Registered: ‎03-29-2007

Re: Captive Portal & LDAP Role Questions

The period of inactivity after they login.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 3
Registered: ‎03-07-2014

Re: Captive Portal & LDAP Role Questions

So, If the user continously using the network. They don't need to re-authenticate with Captive Portal right ?

Guru Elite
Posts: 21,489
Registered: ‎03-29-2007

Re: Captive Portal & LDAP Role Questions

Correct.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: