Wireless Access

last person joined: 21 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

guest-provisioning LDAP integration

This thread has been viewed 2 times

  • 1.  guest-provisioning LDAP integration

    Posted Mar 04, 2013 10:38 PM

    Hi, have anyone ever tried to integrate the guest-provisioning user login to LDAP? Means that when a reception or anyone tries to login to controller just to create a guest account, they will authenticate through LDAP and not by the Administration user database.

     

    I can see that you can configure a server group and server rules under Configuration>Administration, but have anyone tried LDAP? and if it is possible is there any syslog to show who logged-in as guest-prov role?

     

    Thank you.



  • 2.  RE: guest-provisioning LDAP integration

    EMPLOYEE
    Posted Mar 05, 2013 11:36 PM

    You would need to:

     

    - Setup and LDAP server

    - Test it using AAA Test-server

    - Add it to a server Group

    - Under Management Authentication, add that server group and check "Enable"

    - Change the Default role to guest-provisioning

     



  • 3.  RE: guest-provisioning LDAP integration

    Posted Mar 06, 2013 02:39 AM

    Hi Colin, just a follow up question, currently my customer has three LDAP (let's say LDAP1, LDAP2 and LDAP3)
    servers which belongs to different branches in their office. So let's say I created a server group and added the three LDAP servers
    in it, and if User_A which belongs to "LDAP3" wants to log in as guest-provisioning, so the login credentials
    will go to LDAP1 first(depending on order), if LDAP1 did not return anything will the controller move on to LDAP2 and LDAP3?



  • 4.  RE: guest-provisioning LDAP integration

    EMPLOYEE
    Posted Mar 06, 2013 05:14 AM

    Are they three DIFFERENT directories, or the same directory?

     



  • 5.  RE: guest-provisioning LDAP integration

    Posted Mar 06, 2013 11:01 PM

    Hi Colin, thanks for the reply. I'm not  really sure because I have very little knowledge on LDAP, but each server belongs to three different department. So I'm guessing yes it is three different directories.



  • 6.  RE: guest-provisioning LDAP integration

    EMPLOYEE
    Posted Mar 07, 2013 05:28 AM

    I want to say, first start with a static username and password that rotates.  It is very difficult to train so many users on how to create, modify and delete guest users...



  • 7.  RE: guest-provisioning LDAP integration

    Posted Mar 07, 2013 10:15 PM

    yeah, right now they are using a static account, but the reason they want to integrate LDAP is that they have so many users that always creates accounts and they want know who are those users. so their main issue here actually is accounting. is there any logging to show any activity on the guest-provisioning user?



  • 8.  RE: guest-provisioning LDAP integration

    EMPLOYEE
    Posted Mar 07, 2013 10:40 PM

    "show audit-trail"



  • 9.  RE: guest-provisioning LDAP integration

    Posted Mar 07, 2013 11:17 PM

    Thanks Colin. I will try that. but they are still open for the LDAP integration, so I have to do some test on that.