I'm setting up an SSID which will authorize users (assign VLAN) based on their custom LDAP groups. The problem arises when I try changing their groups dynamically so that they can receive a new VLAN. It doesn't work because the CPPM has cached user groups locally after the previous query to LDAP, so users still receive the old groups and old VLAN after reauthentication. Due to specific requirements, the action of changing a user's LDAP groups (which will translate to a new VLAN and new policy) will happen quite often (at least several times during the working day).
Do we have any ways to accomplish this? I don't want to disable the cache option since it may cause performance issues with CPPM.
Thank you very much,
I have approximately 5000 devices authenticating through CPPM. Will it cause a huge performance issue if I disable the cache? And what should I do to limit the impact?
Let me clarify the requirements. Our users want to test their products through different ISPs, so we came up with an idea to associate their accounts with different LDAP groups, and based on those settings, source route their traffic through the ISP they want to test. Since their work is just doing tests like this, it will happen on a regular basis (change group -> change VLAN -> change ISP).
Normally the cache is very useful, but not in this case. I wonder if we can have any other solution for dynamic VLAN changing except using LDAP groups?
I have thought about using the group (role) locally on CPPM, but it looks like there's no way to map the username on LDAP to a local group on CPPM.
Any ideas are very welcome.