So I have LDAP already set up and working. The issue is when I set a server rule so that only certain users from an AD group are allowed to log in, it doesn't work. In my drop-down selection I do not have a memberOf selection. If I use Group-Name and change the allow local logon to no access, it doesn't work either. Can someone let me know what I should be using, please?
As you can see, memberOf is not validated, but Group-Name is.
1. Use the aaa query command to validate what LDAP attributes are returned for users: https://www.arubanetworks.com/techdocs/ArubaOS_6_5_4_X_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/aaa_query_user.htm?Highlight=query
2. If the attribute does not appear in the dropdown, you can configure it on the commandline in the server group using "set role..." https://www.arubanetworks.com/techdocs/ArubaOS_6_5_4_X_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/aaa_server_group.htm?Highlight=server%20derivation
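Putting the two steps above together, here is what the check and the CLI-side rule look like on an ArubaOS 6.x controller. This is an added example, not the poster's own configuration: the LDAP server name (`ldap-server-1`), the test user (`jsmith`), the server group (`ldap-group`), the group DN and the role name are placeholders, and the `set role condition ... contains ... set-value ...` form is assumed from the server-group documentation linked above. Note that memberOf is returned as a list of full group DNs, so the rule has to match on the DN (or a substring of it), not on a bare group name, and the attribute name must match the spelling the query shows.

```text
! Step 1: confirm which attributes the LDAP server actually returns for the user.
! Look for memberOf in the output; if it is absent, no derivation rule on it can match.
(host) #aaa query-user ldap-server-1 jsmith

! Step 2: add the server derivation rule from the CLI, since memberOf is not in the GUI drop-down.
! Placeholder names: ldap-group, the group DN and vpn-admin-role are not from the thread.
(host) #configure terminal
(host) (config) #aaa server-group "ldap-group"
(host) (config) #set role condition memberOf contains "CN=VPN-Admins,OU=Groups,DC=example,DC=com" set-value "vpn-admin-role"
(host) (config) #exit

! Step 3: with LDAP debugging enabled, reproduce a login and read the log to see
! whether the returned attribute was evaluated against the rule.
(host) (config) #logging level debugging security subcat aaa
(host) (config) #exit
(host) #show log security 50
```

The `show log security` output is where a non-matching rule shows up: if the attribute name in the rule differs from what the server returns (for example in case), the rule is simply skipped and the user falls through to the default role, which is the symptom described in the thread.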
Here is the query, and yes, the user is part of that group. I'll try it via CLI and see if that works.
Lastly, you should enable LDAP debugging: https://community.arubanetworks.com/t5/Command-of-the-Day/COTD-Debugging-LDAP/td-p/91
Ran these commands and got the same result in CLI.
Did you turn on debugging and look at the log after the user attempted to log in?
So after all the research and attempts at this, using the attribute User-Name works. I'm not sure why I cannot use memberOf, but since User-Name is working I'm going to use that. Thanks for the information you provided.
Have you tried MemberOf with a capital M?
No, I'll try that and see if that works.