hi,
you can configure guest ssid to autheticate users with external windows ldap server. you can use below community link http://community.cambiumnetworks.com/t5/cnPilot-E-Series-Enterprise-APs/Authenticating-guest-user-via-AD-server-using-LDAP-protocol/m-p/89987#M108
the whole flow is like this,
1. configure seprate wlan for guest access
2. choose authentication method as ldap
3. configure ldap server on ap
4. now cnPilot AP will directly to talk to ldap server for user authentication