Airwave user Authentication using AD/LDAP

Aruba Employee
Aruba Employee

This procedure will help you to Authenticate user from AD to Airwave using LDAP with examples and screen capture.


1). First create OU under the Domain Controller in AD. In my case I created one Parent(OU1) and two Childs (OU2 and OU3) under the Domain Controller “”.

2). You can now add users as well as Groups to the OUs you created. I added a user "Satty" in OU2 and a user and a Group in OU3.

3. In my case, I added the users in the Group "Grp1"as well. 


Then Added the users in it.
4. Make sure that the description same for all the users which will be used for mapping in Airwave. In my case I used "Test123" for all the Users and Groups.

5. Then note down the Bind DN and Base DN.

For example I am using bind DN of Satty. 

Bind : CN=satty,OU=OU2,OU=OU1,DC=clearpass,DC=aruba,DC=com
Base: DC=clearpass,DC=aruba,DC=com
6. After the setting on AD, configure the Airwave as follows-
In AMP Setup > Authentication we have to make sure we are providing the correct information from AD-
a. IP address: IP address for AD.
b. Bind DN: I am using the Bind DN for User Satty. And I used the Logon Name from AD. Also used the same password of Satty mentioned in AD for Bind Passowrd.
c. Base DN: I provided the details of only Domain Controller-
d. Role Attribute: Keep it “description”, because we will create a Role in Airwave which is description in AD.
7). Once the above configuration is done, now create a Role in Airwave. So navigate to AMP Setup > Roles > Click on Add Role.


Here, provide the same Role name which is used in Description in AD for every users and Groups.
8). Now our configuration is done.

The above configuration will authenticate users from AD to Airwave. 

Using User Satty from OU1.
Using the Users from Group “Grp1”

All the users will be able to login to Airwave against LDAP/AD Authentication.

Version history
Revision #:
1 of 1
Last update:
‎06-03-2014 06:25 PM
Updated by:
Labels (1)

This is cheating. This tells me nothing usfull about how to setup ldap-s. You are passing clear text and no one is going to modify all their admin accouns to have a descript to allow them to log in.



Any news on the 8.2.3 version? and about @tezdoll say about ldap-s (636 port and details)... Maybe another way like authenticate with NPS not LDAP?


I just need to grant access to users that belong to an AD group.


idea: Radius or Ldap test section like in controller could be a good stuff in feature versions... ;-)

Best Regards.

Search Airheads
Showing results for 
Search instead for 
Did you mean: