How to configure LDAP on Omada Gateway
Contents
Configuring Portal Based on LDAP Authentication
Configuring VPN Based on LDAP Authentication
Objective
This article describes how LDAP is implemented on the Omada Gateway and provides a guide for configuring and using LDAP on the gateway via the Omada Controller.
Requirements
- Omada Controller (Software Controller / Hardware Controller / Cloud-Based Controller, v5.8 and above)
- Omada Gateway
- LDAP Server
Introduction
The LDAP function for the Omada Gateway acts as an LDAP client for Portal Authentication and VPN Authentication.
- LDAP can be used as an external authentication server for Portal Authentication.
- LDAP can be used for VPN Authentication, supporting OpenVPN, L2TP VPN and PPTP VPN.
Configuration
Step 1. Launch the Omada Controller and go to Settings > Profiles > LDAP Profile. Click Create New LDAP Profile to configure an LDAP Profile. Three Bind Types are available:
- Simple Mode: The LDAP client sends bind requests only; it has no administrator account and password and performs no search queries. This mode is mainly used for scenarios where all accounts to be authenticated belong to the same LDAP directory node.
- Anonymous Mode: LDAP clients can send bind requests and search queries without an administrator account and password.
- Regular Mode: LDAP clients can send bind requests and search queries with an administrator account and password. This mode is used for scenarios where authentication accounts belong to the same or different LDAP directory nodes.
Note: For most LDAP servers, sending search queries and bind requests requires administrator authentication. Therefore, it is recommended that you choose Regular Mode.
Step 2. Configure the LDAP Profile parameters. Take Regular Mode as an example. Specify the parameters for your LDAP Server:
- Server Address: The IP address or URL of the LDAP Server.
- Destination Port: The port number of the LDAP server. By default, the port is 389 when SSL is disabled and 636 when SSL is enabled.
- Regular DN: The distinguished name (DN) of the administrator account for the LDAP Server.
- Regular Password: The password of the administrator account for the LDAP Server.
- Common Name Identifier: The attribute (UID or CN) that identifies user entries, matching the one configured in the LDAP Server.
- Base Distinguished Name: The upper directory node for the users to be authenticated in the LDAP Server. Click the Query icon on the right to view the directory structure and select the node.
- Additional Filter: The additional filter for user authentication. If this field is specified, the user to be authenticated should match the value. This field is optional.
- Group Distinguished Name: The group identifier for user authentication. If this field is specified, the user to be authenticated should match the value. Click the Query icon on the right to view the directory structure and select the node. This field is optional.
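As an added illustration of the three Bind Types from Step 1 and the profile parameters from Step 2 (this is example code, not TP-Link's code and not the Omada Gateway's actual client implementation), the Python below models how an LDAP client authenticates one user in each mode: Simple Mode assembles the user DN from the Common Name Identifier and Base DN and binds directly, while Anonymous and Regular Mode first bind (anonymously or with the Regular DN and password), search under the Base DN for the user, and then bind as the DN found. The field names, the in-memory FakeDirectory, the example.com entries and the use of a memberOf attribute for the Group Distinguished Name check are all assumptions made for the example; with a real server library (python-ldap or ldap3) the same search-then-bind sequence applies.

```python
import re
from dataclasses import dataclass
from typing import Optional


def escape_filter_value(value: str) -> str:
    """Escape LDAP search-filter metacharacters (RFC 4515) so a username typed at
    the portal or VPN client cannot change the structure of the filter."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def escape_dn_value(value: str) -> str:
    """Escape the RFC 4514 special characters in a single RDN value."""
    return "".join("\\" + c if c in ',+"\\<>;' else c for c in value)


@dataclass
class LdapProfile:
    """Mirrors the LDAP Profile fields from the article; field names are ours."""
    bind_type: str                           # "simple", "anonymous" or "regular"
    base_dn: str                             # Base Distinguished Name
    cn_identifier: str = "uid"               # Common Name Identifier (uid or cn)
    regular_dn: Optional[str] = None         # Regular DN (administrator account)
    regular_password: Optional[str] = None   # Regular Password
    additional_filter: Optional[str] = None  # Additional Filter (optional)
    group_dn: Optional[str] = None           # Group Distinguished Name (optional)


def build_user_filter(profile: LdapProfile, username: str) -> str:
    """Search filter sent in Anonymous/Regular mode to locate the user's DN."""
    clauses = [f"({profile.cn_identifier}={escape_filter_value(username)})"]
    if profile.additional_filter:
        clauses.append(profile.additional_filter)  # assumed to be a valid filter
    if profile.group_dn:
        # Assumption: membership is exposed as a memberOf attribute on the user.
        clauses.append(f"(memberOf={escape_filter_value(profile.group_dn)})")
    return clauses[0] if len(clauses) == 1 else "(&" + "".join(clauses) + ")"


# Constructed in-memory directory standing in for a real LDAP server. It only
# understands the filter shapes built above: (attr=value) or an AND of them.
_CLAUSE = re.compile(r"\(([^=()]+)=((?:\\[0-9a-fA-F]{2}|[^()\\])*)\)")


def _unescape(value: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


class FakeDirectory:
    def __init__(self, entries: dict):
        # DN -> (password, attributes); DNs and attribute names are case-insensitive
        self.entries = {dn.lower(): (pw, {k.lower(): v for k, v in attrs.items()})
                        for dn, (pw, attrs) in entries.items()}

    def bind(self, dn: str, password: str) -> bool:
        if dn == "" and password == "":
            return True                      # anonymous bind
        entry = self.entries.get(dn.lower())
        return entry is not None and password != "" and entry[0] == password

    def search(self, base_dn: str, ldap_filter: str) -> list:
        clauses = [(a.lower(), _unescape(v)) for a, v in _CLAUSE.findall(ldap_filter)]
        return [dn for dn, (_, attrs) in self.entries.items()
                if dn.endswith(base_dn.lower())        # inside the Base DN subtree
                and all(attrs.get(a) == v for a, v in clauses)]


def authenticate(profile: LdapProfile, server: FakeDirectory,
                 username: str, password: str) -> bool:
    """Authenticate one user with the Bind Type selected in the profile."""
    if not password:
        return False          # an empty password must never become an anonymous bind
    if profile.bind_type == "simple":
        # No search at all: the DN is assembled from the identifier and Base DN,
        # which is why every account must sit directly under that node.
        user_dn = f"{profile.cn_identifier}={escape_dn_value(username)},{profile.base_dn}"
        return server.bind(user_dn, password)
    if profile.bind_type == "anonymous":
        if not server.bind("", ""):
            return False      # server refuses anonymous search
    elif profile.bind_type == "regular":
        if not server.bind(profile.regular_dn or "", profile.regular_password or ""):
            return False      # administrator credentials rejected
    else:
        raise ValueError(f"unknown bind type {profile.bind_type!r}")
    hits = server.search(profile.base_dn, build_user_filter(profile, username))
    if len(hits) != 1:
        return False          # no such user, outside the group, or ambiguous match
    return server.bind(hits[0], password)   # re-bind as the user to check the password


# Constructed sample data (example.com is a placeholder, not a real server).
SAMPLE_DIRECTORY = FakeDirectory({
    "cn=admin,dc=example,dc=com": ("admin-pass", {"cn": "admin"}),
    "uid=alice,ou=people,dc=example,dc=com": ("alice-pass", {
        "uid": "alice", "objectClass": "person",
        "memberOf": "cn=vpn-users,ou=groups,dc=example,dc=com"}),
    "uid=bob,ou=contractors,ou=people,dc=example,dc=com": ("bob-pass", {
        "uid": "bob", "objectClass": "person"}),
})
REGULAR = LdapProfile("regular", "ou=people,dc=example,dc=com", "uid",
                      regular_dn="cn=admin,dc=example,dc=com",
                      regular_password="admin-pass",
                      additional_filter="(objectClass=person)",
                      group_dn="cn=vpn-users,ou=groups,dc=example,dc=com")
SIMPLE = LdapProfile("simple", "ou=people,dc=example,dc=com", "uid")

if __name__ == "__main__":
    print(build_user_filter(REGULAR, "alice"))
    print("regular/alice:", authenticate(REGULAR, SAMPLE_DIRECTORY, "alice", "alice-pass"))
    print("regular/bob:  ", authenticate(REGULAR, SAMPLE_DIRECTORY, "bob", "bob-pass"))
    print("simple/bob:   ", authenticate(SIMPLE, SAMPLE_DIRECTORY, "bob", "bob-pass"))
```

The sample run shows the practical difference between the modes: bob lives in a sub-OU beneath the Base DN, so Simple Mode (which never searches) cannot build his DN and rejects him, whereas Regular Mode finds him by search and then rejects him only because he is not in the configured group. The empty-password check matters because many LDAP servers treat a bind with a DN and an empty password as a successful anonymous bind, which a naive client would mistake for a valid login.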
Configuring Portal Based on LDAP Authentication
Step 1. Launch the Omada Controller, go to Settings > Authentication > Portal, and click Create New Portal. Select External LDAP Server for Authentication Type and the profile created for LDAP Profile.
Configuring VPN Based on LDAP Authentication
Step 1. Launch the Omada Controller, go to Settings > VPN > VPN, and click Create New VPN Policy.
- Configure OpenVPN based on LDAP. Select Client-to-Site VPN for Purpose and VPN Server – OpenVPN for VPN Type. Enable Account Password and choose the LDAP Profile created. Refer to the VPN configuration guide for other parameter configurations.
- Configure L2TP VPN based on LDAP. Select Client-to-Site VPN for Purpose and VPN Server – L2TP for VPN Type. Select LDAP for Authentication Mode and choose the LDAP Profile created. Refer to the VPN configuration guide for other parameter configurations.
- Configure PPTP VPN based on LDAP. Select Client-to-Site VPN for Purpose and VPN Server – PPTP for VPN Type. Select LDAP for Authentication Mode and choose the LDAP Profile created. Refer to the VPN configuration guide for other parameter configurations.
Conclusion
With the steps above, you have successfully configured an LDAP Profile and the functions that use it on the Omada Gateway.
To get more details about each function and configuration, please go to the Download Center to download the manual for your product.
Why can I not connect to the LDAP server when configuring the LDAP Profile?
Re: Please make sure you have configured the LDAP Server parameters correctly. You can use a generic LDAP client tool with the same settings to verify your configuration.