Airwave 7.5 and LDAP authentication

  • 1.  Airwave 7.5 and LDAP authentication

    Posted Oct 24, 2012 09:44 AM

    Is there any detailed information regarding setup of LDAP authentication for Airwave 7.5.x?



  • 2.  RE: Airwave 7.5 and LDAP authentication

    EMPLOYEE
    Posted Oct 24, 2012 12:50 PM

    What kind of details are you looking for?

     

    If you're looking for how to add your LDAP into AMP so that you can log in to AMP using LDAP auth, this can be done from the AMP Setup -> Authentication tab -> expand LDAP Configuration table.

     

    Note, if you want AMP to check your LDAP before it checks the AMP Database, then you'll want to set 'Authentication Priority' to remote.  The setting is set to local by default which looks for users that are on the AMP Setup -> Users tab.

     

    A good practice is to leave at least 1 user in the local AMP database in case the LDAP auth host goes down or loses connectivity to AMP.

     

     

    Here's the excerpt from the 7.5 User Guide page 51:

    ~~~~~~~~~~~~~~~

    Configuring LDAP Authentication and Authorization
    LDAP (Lightweight Directory Access Protocol) provides users with a way of accessing and maintaining distributed directory information services over a network. When LDAP is enabled, a client can begin a session by authenticating against an LDAP server which by default is on TCP port 389.

     

    Perform these steps to configure RADIUS authentication:

     

    1. Go to the AMP Setup > Authentication page.
    2. Select the Yes radio button to enable LDAP authentication and authorization. Once enabled, the available LDAP configuration options will display.

     

     

     



  • 3.  RE: Airwave 7.5 and LDAP authentication

    Posted Oct 24, 2012 01:04 PM

    I'm trying to log in to AMP via LDAP authentication. So far, I've set up LDAP according to the setting you mentioned below in the user guide, but I'm just getting back a login not found error.

     

    Is there a log on the AMP server that will help further diagnose what is being sent to the LDAP server?

     

    Thanks



  • 4.  RE: Airwave 7.5 and LDAP authentication

    EMPLOYEE
    Posted Oct 24, 2012 01:28 PM

    Check the following logs:

    /var/log/messages

    /var/log/httpd/access_log

    /var/log/pound

     

    The messages log should report if your AMP is finding the LDAP server.  The access_log should show login attempts and how they are routed through Apache.  The pound log may also catch some information not reported in the access_log.

     

    You may want to try doing a tcpdump to see that the LDAP and AMP are talking.  Make sure your firewall isn't blocking the traffic.



  • 5.  RE: Airwave 7.5 and LDAP authentication

    Posted Oct 24, 2012 05:35 PM

    Can you paste what you have in your configuration already? For LDAP and also your role mappings.

    Someone did a nice little YouTube video here: http://www.youtube.com/watch?v=reE-GSWZf_U

     

    I had some issues getting it to work as well:

    If you are using AD and the user exists in a subdomain, you need to point AMP to a global catalog server and change the port to 3268. Otherwise you cannot browse subdomains. This is important if your Base DN is set to the Domain root and you have sub.root.com and the user exists there.

     

    I think the main trick is that for Role Attribute, they want to know what attribute to look at in LDAP to match to a Role.

    So you can put in, for instance, "Description".

    Then in LDAP change the users description field to "Airwave Admin"

    Then go back to AMP and create a role with the name "Airwave Admin" and give it an AMP role.
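
A diagnostic sketch for the Role Attribute and Global Catalog points raised in this thread, added here as an example; it is not part of any poster's reply and is not AirWave code. It parses LDIF search output for one user, compares the Role Attribute value with the AMP role names, and suggests port 3268 when the user's DN is in a child domain of the Base DN. Assumptions: AMP matches the attribute value to the role name as an exact string, and every DN, user name and LDIF value shown is constructed.

```python
# Added example, not AirWave code. DNs, names and LDIF are constructed. Capture real LDIF with e.g.
#   ldapsearch -x -H ldap://HOST:PORT -D BIND_DN -W -b BASE_DN "(sAMAccountName=USER)" description
import base64

SAMPLE_LDIF = """\
dn: CN=Jane Doe,OU=Staff,DC=sub,DC=root,DC=com
sAMAccountName: jdoe
description:: QWlyd2F2ZSBBZG1pbiA=
"""  # constructed; "::" means base64, here "Airwave Admin " with a trailing space

def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    lines, entry = [], {}
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded line continues the previous one
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    for line in lines:
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        b64 = rest.startswith(":")             # "attr:: value" is base64-encoded
        value = base64.b64decode(rest[1:].strip()).decode("utf-8") if b64 else rest.strip()
        entry.setdefault(name.lower(), []).append(value)
    return entry

def check_role(entry, role_attribute, amp_roles):
    """Compare Role Attribute values with AMP role names (exact match is an assumption)."""
    values = entry.get(role_attribute.lower(), [])
    if not values:
        return ("missing", None)               # attribute absent or not returned by the search
    exact = [v for v in values if v in amp_roles]
    if exact:
        return ("match", exact[0])
    norm = {r.strip().casefold(): r for r in amp_roles}
    for v in values:                           # differs only by case or stray whitespace
        if v.strip().casefold() in norm:
            return ("near-miss", (v, norm[v.strip().casefold()]))
    return ("no-role", values)

def suggested_port(user_dn, base_dn):
    """Return 3268 (Global Catalog) if the user is in a child domain of Base DN, else 389."""
    def dcs(dn):  # naive split; ignores escaped commas in DNs
        return [p.strip().lower() for p in dn.split(",") if p.strip().lower().startswith("dc=")]
    user_dc, base_dc = dcs(user_dn), dcs(base_dn)
    in_child = len(user_dc) > len(base_dc) and user_dc[-len(base_dc):] == base_dc
    return 3268 if in_child else 389
```

A "near-miss" result means the directory value and the role name differ only in case or surrounding whitespace, which is easy to overlook when the value is shown base64-encoded.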