Connectivity Guide

Manage LDAP Operator Authentication Servers
Dell Networking W-ClearPass Guest supports a flexible authentication mechanism that can be readily adapted to any
LDAP server’s method of authenticating users by name. There are built-in defaults for Microsoft Active Directory
servers, POSIX-compliant directory servers, and RADIUS servers.
When an operator attempts to log in, each LDAP server that is enabled for authentication is checked, in order of
priority from lowest to highest.
Once a server is found that can authenticate the operator’s identity (typically with a username and password), the
LDAP server is queried for the attributes associated with the user account.
These LDAP attributes are then translated to operator attributes using the LDAP translation rules.
In particular, this process assigns an operator profile to the authenticated user, and that profile controls what the
user is permitted to do.
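The login flow described above, modelled as an added Python example (not ClearPass code and not part of the original guide). The server names, priorities, accounts, group DNs and the rule format are constructed assumptions, as is the choice to refuse a login when no translation rule matches.

```python
# Added model of the operator login flow; not ClearPass code.
# All servers, accounts, group DNs and rules below are constructed sample data.
import hmac
from dataclasses import dataclass, field

@dataclass
class LdapServer:
    name: str
    priority: int          # lower number is checked first
    enabled: bool
    users: dict = field(default_factory=dict)  # username -> (password, attributes)

    def bind_and_fetch(self, username, password):
        """Stand-in for an LDAP bind plus attribute query; None on failure."""
        stored, attrs = self.users.get(username, (None, None))
        if stored is not None and hmac.compare_digest(stored.encode(), password.encode()):
            return attrs
        return None

NETADMINS = "CN=NetAdmins,DC=example,DC=com"
RECEPTION = "CN=Reception,DC=example,DC=com"
# Hypothetical translation rules: (attribute, required value, operator profile).
RULES = [("memberOf", NETADMINS, "Administrator"),
         ("memberOf", RECEPTION, "Receptionist")]

def translate(attrs):
    """Map LDAP attributes to an operator profile; the first matching rule wins."""
    for attr, value, profile in RULES:
        if value in attrs.get(attr, []):
            return profile
    return None

def operator_login(servers, username, password):
    """Return (server name, profile), or None when the login is refused."""
    active = sorted((s for s in servers if s.enabled), key=lambda s: s.priority)
    for srv in active:
        attrs = srv.bind_and_fetch(username, password)
        if attrs is None:
            continue  # this server cannot authenticate the user; try the next
        profile = translate(attrs)
        # Assumption of this sketch: authenticated but unmapped accounts are refused.
        return (srv.name, profile) if profile else None
    return None

SERVERS = [
    LdapServer("posix-lab", 20, True, {"alice": ("lab-pw", {"memberOf": [NETADMINS]})}),
    LdapServer("corp-ad", 10, True, {"alice": ("corp-pw", {"memberOf": [RECEPTION]}),
                                     "bob": ("bob-pw", {"memberOf": ["CN=Sales"]})}),
    LdapServer("old-ad", 5, False, {"alice": ("old-pw", {"memberOf": [NETADMINS]})}),
]
```

In this sample data the same username resolves to a different operator profile depending on which enabled server accepts the credentials, so a configuration review should cover every enabled server and the rules that apply to its accounts.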
Creating an LDAP Server
To create an LDAP server, go to Administration > Operator Logins > Servers, then click the Create new LDAP
server link in the upper-right corner. The Server Configuration form opens.
To specify a basic LDAP server connection (hostname and optional port number), use a Server URL of the form
ldap://hostname/ or ldap://hostname:port/. See "Advanced LDAP URL Syntax" on page 343 for more details about
the types of LDAP URL you may specify.
In the top area of the form, select the Enabled option (below the Name field) if you want this server to authenticate
operator logins.
This form allows you to specify the type of LDAP server your system will use. Click the Server Type drop-down list
and select one of the following options:
Dell Networking W-ClearPass Guest 6.2 | User Guide Operator Logins | 341