Wireless Access

Reply
Occasional Contributor II
Posts: 60
Registered: ‎01-19-2011

guest-provisioning LDAP integration

Hi, have anyone ever tried to integrate the guest-provisioning user login to LDAP? Means that when a reception or anyone tries to login to controller just to create a guest account, they will authenticate through LDAP and not by the Administration user database.

 

I can see that you can configure a server group and server rules under Configuration>Administration, but have anyone tried LDAP? and if it is possible is there any syslog to show who logged-in as guest-prov role?

 

Thank you.

Guru Elite
Posts: 21,555
Registered: ‎03-29-2007

Re: guest-provisioning LDAP integration

You would need to:

 

- Setup and LDAP server

- Test it using AAA Test-server

- Add it to a server Group

- Under Management Authentication, add that server group and check "Enable"

- Change the Default role to guest-provisioning

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 60
Registered: ‎01-19-2011

Re: guest-provisioning LDAP integration

Hi Colin, just a follow up question, currently my customer has three LDAP (let's say LDAP1, LDAP2 and LDAP3)
servers which belongs to different branches in their office. So let's say I created a server group and added the three LDAP servers
in it, and if User_A which belongs to "LDAP3" wants to log in as guest-provisioning, so the login credentials
will go to LDAP1 first(depending on order), if LDAP1 did not return anything will the controller move on to LDAP2 and LDAP3?

Guru Elite
Posts: 21,555
Registered: ‎03-29-2007

Re: guest-provisioning LDAP integration

Are they three DIFFERENT directories, or the same directory?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 60
Registered: ‎01-19-2011

Re: guest-provisioning LDAP integration

Hi Colin, thanks for the reply. I'm not  really sure because I have very little knowledge on LDAP, but each server belongs to three different department. So I'm guessing yes it is three different directories.

Guru Elite
Posts: 21,555
Registered: ‎03-29-2007

Re: guest-provisioning LDAP integration

I want to say, first start with a static username and password that rotates.  It is very difficult to train so many users on how to create, modify and delete guest users...



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 60
Registered: ‎01-19-2011

Re: guest-provisioning LDAP integration

yeah, right now they are using a static account, but the reason they want to integrate LDAP is that they have so many users that always creates accounts and they want know who are those users. so their main issue here actually is accounting. is there any logging to show any activity on the guest-provisioning user?

Guru Elite
Posts: 21,555
Registered: ‎03-29-2007

Re: guest-provisioning LDAP integration

"show audit-trail"



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 60
Registered: ‎01-19-2011

Re: guest-provisioning LDAP integration

Thanks Colin. I will try that. but they are still open for the LDAP integration, so I have to do some test on that.

Search Airheads
Showing results for 
Search instead for 
Did you mean: