Configuring Security and Other Services
Using an External AAA Server
Advanced LDAP Filtering
A search string in LDAP format conforming to RFC 4515 can be used to limit search results. For
example, objectClass=Person limits the search to those whose "objectClass" attribute is
equal to "Person".
More complicated examples are shown when you mouse over the "show more" section, as
shown in Figure 67 below.
Figure 67. LDAP search filter syntax examples
Group Extraction
By using the Search Filter, you can extract the groups to which a user belongs, as categorized
in your LDAP server. Using these groups, you can attribute Roles within ZoneDirector to
members of specific groups.
For example, in a school setting, if you want to assign members of the group "students" to a
Student role, you can enter a known student's name in the Test Authentication Settings section,
click Test, and return the groups that the user belongs to. If everything is configured correctly,
the result will display the groups associated with the student, which should include a group
called "student" (or whatever was configured on your LDAP server).
Next, go to the Configure > Roles page, create a Role named "Student," and enter "student"
in the Group Attributes field. Then you can select which WLANs you want this Role to have
access to, and decide whether this Role should have Guest Pass generation privileges and
ZoneDirector administration privileges. From here on, any user associated with the group
"student" will be given the same privileges when he/she is authenticated against your LDAP
server.
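The filter semantics and the group-to-Role mapping described above, as an added Python example that is not part of the ZoneDirector documentation or product code: a small matcher for RFC 4515 filters (AND, OR, NOT, equality, presence, substring) run over constructed directory entries. The `memberof` attribute name, the sample users and case-insensitive comparison are assumptions; the bare `objectClass=Person` form used in the text is accepted by wrapping it in parentheses.

```python
import re
# Constructed sample entries; "memberof" as the group attribute is an assumption.
DIRECTORY = [
    {"uid": ["jdoe"], "objectclass": ["top", "Person"], "memberof": ["student"]},
    {"uid": ["asmith"], "objectclass": ["top", "Person"], "memberof": ["staff"]},
    {"uid": ["printer1"], "objectclass": ["top", "device"]},
]
ROLE_GROUPS = {"Student": {"student"}}  # Role name -> Group Attributes values

def unescape(text):  # RFC 4515 escapes: backslash plus two hex digits
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)

def parse(f, i=0):
    if f[i] != "(":
        raise ValueError("expected '('")
    i += 1
    if f[i] in "&|!":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError("bad filter list")
        return (op, kids), i + 1
    end = f.index(")", i)  # raises ValueError if the item is never closed
    attr, sep, value = f[i:end].partition("=")
    if not attr or not sep:
        raise ValueError("expected attr=value")
    return ("=", attr.lower(), value), end + 1

def matches(tree, entry):
    if tree[0] != "=":
        hits = [matches(k, entry) for k in tree[1]]
        return {"&": all(hits), "|": any(hits), "!": not hits[0]}[tree[0]]
    # "*" alone tests presence, otherwise it is a substring wildcard.
    # Comparison ignores case (assumption; depends on the attribute's rule).
    pattern = ".*".join(re.escape(unescape(p)) for p in tree[2].split("*"))
    return any(re.fullmatch(pattern, v, re.I | re.S) for v in entry.get(tree[1], []))

def search(filter_text):
    f = filter_text if filter_text.startswith("(") else f"({filter_text})"
    tree, end = parse(f + " ")  # sentinel keeps truncated input from overrunning
    if end != len(f):
        raise ValueError(f"trailing text in filter: {filter_text!r}")
    return [e["uid"][0] for e in DIRECTORY if matches(tree, e)]

def roles_for(uid):
    groups = {g.lower() for e in DIRECTORY if uid in e["uid"] for g in e.get("memberof", [])}
    return sorted(r for r, wanted in ROLE_GROUPS.items() if groups & wanted)
```

A filter that matches more entries than intended also widens who can be mapped to a Role, so it is worth checking the result set for accounts that should not authenticate, such as the device entry here.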
To configure user roles based on LDAP group
1. Point ZoneDirector to your LDAP server: