Configure LDAP to limit who can use WiFi

I am trying to configure LDAP to authenticate my Wireless users. I want to limit which users can authenticate. Is there a way to limit which OU can contain users that are allowed to use WiFi.

Hi Fiza, 

         Are you trying to integrate LDAP with normal WLAN authentication or Guest WLAN authentication. We support LDAP integration for guest WLAN. 

Regards

Anand 

Hi, sorry I was on leave last week so didnt see this. It is for Guest Access. For Staff who bring in their own devices and need to authenticate to get access.

hi,

you can configure guest ssid to autheticate users with external windows ldap server. you can use below community link http://community.cambiumnetworks.com/t5/cnPilot-E-Series-Enterprise-APs/Authenticating-guest-user-via-AD-server-using-LDAP-protocol/m-p/89987#M108

the whole flow is like this,

1. configure seprate wlan for guest access 

2. choose authentication method as ldap 

3. configure ldap server on ap

4. now cnPilot AP will directly to talk to ldap server for user authentication 

Hi, I have followed that guide but what I would like to do is limit authentication to a subset of users. My Active Directory contains both students and staff. I only want to offer the wifi guest access to staff so only want them to be able to to authenticate via LDAP.  The way the article suggests it allows all users in Active Directory to authenticate.

How can I limit it to just Staff please?

hi,

it shall be achievable by controlling search path under "LDAP Server adminDN" configuration. did we tried this one?

I obviously misunderstood this section as I thought it meant to link the AdminDN to where an Admin user was. I have now configured this to where my Staff users are and it works.

Thank you.

I can now connect my Staff users but when I look at the Wireless Clients under System on the cnMaestro console I cannot see the user that has logged in. I can see the Device name, IP address, MAC address, SSID etc but the user is not shown. How can I see which Active Directory user has authenticated please?

good to hear it is worked. user informaion is been tied to 802.1x authentication or wpa2 interprise authentication. we can take this as request and see we can align it in future releases.