Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Captive Portal & LDAP Role Questions

  • 1.  Captive Portal & LDAP Role Questions

    Posted Jun 17, 2014 11:08 AM

    Hi, I have some questions regarding Captive Portal and LDAP Role.

     

    1. Can a user authenticate with Captive Portal once without re-authenticating?

    2. With OpenLDAP, can the controller set the user role from attributes in LDAP?



  • 2.  RE: Captive Portal & LDAP Role Questions
    Best Answer

    EMPLOYEE
    Posted Jun 17, 2014 07:45 PM

    1.  You cannot do it once and have the user never reauthenticate, but you can extend the period of time a user can remain idle on a captive portal without being forced to reauthenticate in ArubaOS 6.3 and above. The "user idle timeout" parameter on the Captive Portal authentication profile determines this:  http://www.arubanetworks.com/techdocs/ArubaOS_63_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/Captive_Portal/Captive_Portal_Authentic.htm

     

    2. You can do that, but you first need to find out what attribute you are looking for by using the "aaa query-user" command:  http://community.arubanetworks.com/t5/Command-of-the-Day/COTD-Debugging-LDAP/m-p/91/highlight/true#M40

    After you use that command, in the server group that the LDAP server is in, you write a user derivation command looking for the output of whatever group attribute you are looking for.  In the example below the LDAP server is an AD server and it stores group membership in the memberOf attribute.  I look for Student or Doctor in that attribute and change the role of the authenticated user based on that returned attribute:

    ldap.png
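
An added example, not part of the original post and not Aruba's code: a small Python model of the derivation described above, showing how a "contains" match on memberOf can assign a role from a group DN that merely includes the string, and how to audit for that before deploying the rules. It assumes rules are evaluated in order with the first match winning and that matching is case-sensitive; the `Rule` type, role names, default role and all DNs are constructed for illustration.

```python
# Model of ordered, first-match role derivation over LDAP memberOf values.
# Assumptions (not from the thread): rules are evaluated top-down, the first
# match wins, matching is case-sensitive, and every DN and role name below is
# constructed sample data.
from typing import NamedTuple

class Rule(NamedTuple):
    attribute: str
    op: str        # "contains" or "equals"
    operand: str
    role: str

def derive_role(attrs, rules, default_role="guest"):
    """Return the role of the first rule that matches any value of its attribute."""
    for rule in rules:
        for value in attrs.get(rule.attribute, []):
            if rule.op == "contains" and rule.operand in value:
                return rule.role
            if rule.op == "equals" and rule.operand == value:
                return rule.role
    return default_role  # hypothetical fallback role name

def audit_contains(rules, directory_groups):
    """Map each 'contains' operand to every group DN it would match."""
    return {r.operand: [g for g in directory_groups if r.operand in g]
            for r in rules if r.op == "contains"}

# Rules as described in the post: look for Student or Doctor in memberOf.
RULES = [
    Rule("memberOf", "contains", "Student", "student-role"),
    Rule("memberOf", "contains", "Doctor", "doctor-role"),
]

# Constructed group DNs for a hypothetical directory.
GROUPS = [
    "CN=Student,OU=Groups,DC=example,DC=edu",
    "CN=Doctor,OU=Groups,DC=example,DC=edu",
    "CN=StudentRecordsAdmins,OU=Groups,DC=example,DC=edu",
    "CN=Printers,OU=Doctors Office,DC=example,DC=edu",
]

if __name__ == "__main__":
    # Any operand that matches more than the intended group needs a tighter rule.
    for operand, hits in audit_contains(RULES, GROUPS).items():
        print(operand, "->", hits)
```

In this model, matching on the full group DN with "equals" removes the unintended hits, at the cost of one rule per group.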

     



  • 3.  RE: Captive Portal & LDAP Role Questions

    Posted Jun 18, 2014 12:49 PM

    Hi, thank you. I still have some questions about idle time.

     

    What is it counted from? Once a user successfully logs in, or when they have no activity on the WLAN?



  • 4.  RE: Captive Portal & LDAP Role Questions

    EMPLOYEE
    Posted Jun 18, 2014 12:51 PM
    The period of inactivity after they login.


  • 5.  RE: Captive Portal & LDAP Role Questions

    Posted Jun 18, 2014 12:59 PM

    So, if the user is continuously using the network, they don't need to re-authenticate with Captive Portal, right?



  • 6.  RE: Captive Portal & LDAP Role Questions

    EMPLOYEE
    Posted Jun 18, 2014 01:00 PM
    Correct.