How to configure LDAP on Omada Gateway

Configuration Guide
Updated 11-06-2024 02:15:22 AM

Contents

Objective

Requirements

Introduction

Configuration

Configuring LDAP Profile

Configuring Portal Based on LDAP Authentication

Configuring VPN Based on LDAP Authentication

Conclusion

FAQ

Objective

This article describes how LDAP authentication is implemented on the Omada Gateway and walks through configuring and using it via the Omada Controller.

Requirements

  • Omada Controller (Software Controller / Hardware Controller / Cloud-Based Controller, v5.8 and above)
  • Omada Gateway
  • LDAP Server

Introduction

The LDAP function for the Omada Gateway acts as an LDAP client for Portal Authentication and VPN Authentication.

  • LDAP can be used as an external authentication server for Portal Authentication.
  • LDAP can be used for VPN Authentication, supporting OpenVPN, L2TP VPN and PPTP VPN.

Configuration

Configuring LDAP Profile

Step 1. Launch the Omada Controller and go to Settings > Profiles > LDAP Profile. Click Create New LDAP Profile to configure an LDAP Profile. Three Bind Types are available:

  • Simple Mode: The gateway sends a bind request only, using the credentials the user supplies; there is no service account and no search of the directory. Because the user entry is located without a search, this mode is only suitable when all accounts to be authenticated sit under the same LDAP directory node.
  • Anonymous Mode: The gateway binds anonymously and then searches the directory for the user, with no service account or password. This requires the server to permit anonymous searches, which many production directories (Active Directory by default among them) do not.
  • Regular Mode: The gateway binds with a dedicated account (the Regular DN and password), searches the directory for the user entry, and then verifies the user's own password. It works whether the accounts to be authenticated sit under the same or different LDAP directory nodes.

Note: Most directory servers do not allow an unauthenticated client to search the directory, so Regular Mode is recommended. Use a dedicated read-only service account for the Regular DN rather than a directory administrator: the gateway stores this password, and the account only needs permission to read user and group entries under the Base DN.

The position to create a new LDAP profile on Controller.

Configurations of LDAP profile, including Status/Name/Bind Type and so on.

Step 2. Configure the LDAP Profile parameters. Take Regular Mode as an example. Specify the parameters for your LDAP Server:

  • Server Address: The IP address or hostname of the LDAP server.
  • Destination Port: The TCP port of the LDAP server. By default this is 389 for plain LDAP (SSL disabled) and 636 for LDAPS (SSL enabled). Enable SSL wherever the server supports it; with it disabled, the bind passwords of the service account and of every authenticating user cross the network in clear text.
  • Regular DN: The distinguished name (DN) of the account the gateway binds with to search the directory, for example cn=omada-ro,ou=service,dc=example,dc=com.
  • Regular Password: The password of that account.
  • Common Name Identifier: The attribute (UID or CN) that holds the login name users will type. It must match the attribute your directory actually uses: uid is typical for OpenLDAP-style directories, while in Active Directory cn is usually the display name rather than the logon name, so users would have to log in with that value.
  • Base Distinguished Name: The directory node under which the users to be authenticated are located. Click the Query icon on the right to browse the directory structure and select the node.
  • Additional Filter: An extra LDAP search filter, for example (objectClass=person), that the user entry must also match. This field is optional.
  • Group Distinguished Name: The DN of a group, for example cn=vpn-users,ou=groups,dc=example,dc=com, that the user must be a member of. Click the Query icon on the right to browse the directory structure and select the group. This field is optional.

A demo of configuring an LDAP profile.

Configuring Portal Based on LDAP Authentication

Step 1. Launch the Omada Controller, go to Settings > Authentication > Portal, and click Create New Portal. Select External LDAP Server for Authentication Type and the profile created for LDAP Profile.

The position to create a new Portal on Controller.

Configurations of the portal, including Portal Name/ SSID & Network and so on.

Configuring VPN Based on LDAP Authentication

Step 1. Launch the Omada Controller, go to Settings > VPN > VPN, and click Create New VPN Policy.

The position to create a new VPN policy on Controller.

  • Configure OpenVPN based on LDAP. Select Client-to-Site VPN for Purpose and VPN Server – OpenVPN for VPN Type. Enable Account Password and choose the LDAP Profile you created. Refer to the VPN configuration guide for the other parameters.

Configurations of VPN policy, including Name/Status/Purpose and so on. Here, VPN Type is set to VPN Server-OpenVPN, and the LDAP Profile you configured is selected.

  • Configure L2TP VPN based on LDAP. Select Client-to-Site VPN for Purpose and VPN Server – L2TP for VPN Type. Select LDAP for Authentication Mode and choose the LDAP Profile you created. Refer to the VPN configuration guide for the other parameters.

Configurations of VPN policy, including Name/Status/Purpose and so on. Here, VPN Type is set to VPN Server-L2TP, and the LDAP Profile you configured is selected.

  • Configure PPTP VPN based on LDAP. Select Client-to-Site VPN for Purpose and VPN Server – PPTP for VPN Type. Select LDAP for Authentication Mode and choose the LDAP Profile you created. Refer to the VPN configuration guide for the other parameters. Note that PPTP authenticates with MS-CHAPv2, which is cryptographically broken, so prefer OpenVPN or L2TP and enable PPTP only for legacy clients that support nothing else.

Configurations of VPN policy, including Name/Status/Purpose and so on. Here, VPN Type is set to VPN Server-PPTP, and the LDAP Profile you configured is selected.

Conclusion

With the steps above, you have configured an LDAP Profile and used it for Portal and VPN authentication on the Omada Gateway.

To get more details about each function and configuration, please go to the Download Center to download the manual for your product.

FAQ

Why can I not connect to the LDAP server when configuring the LDAP Profile?

Re: Check the LDAP Server parameters first: the Destination Port must match the SSL setting (389 for plain LDAP, 636 for LDAPS), the Regular DN and password must be able to bind, and the Base DN must exist in the directory. Also confirm that the gateway itself, not only your workstation, can reach the server on that port, since the gateway is the LDAP client. The quickest way to verify the settings is to run a generic LDAP client tool such as ldapsearch with the same parameters from a host that reaches the server the same way the gateway does.
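The following shell script is an added example, not TP-Link's own code, that reproduces a Regular Mode LDAP profile (the parameters from the "Configuring LDAP Profile" section) with the OpenLDAP command-line tools ldapsearch and ldapwhoami, so you can check the profile fields before saving them in the controller. The host, port, DNs, attribute and group values are constructed examples; the exact way the gateway combines Common Name Identifier, Additional Filter and Group Distinguished Name into one search filter is an assumption (a logical AND, with memberOf for the group check), as is the direct "<CN_ID>=<login>,<Base DN>" bind used for Simple Mode. The script also escapes the login name per RFC 4515 before it enters the filter, which matters because a portal or VPN username is untrusted input.

```shell
#!/bin/sh
# Added example (not TP-Link code): reproduce an Omada "Regular Mode" LDAP
# profile with the OpenLDAP tools to verify the fields before saving them.
# All values below are constructed; the filter construction is an assumption.

LDAP_HOST="ldap.example.com"                          # Server Address
LDAP_PORT="636"                                       # Destination Port
LDAP_SSL="yes"                                        # SSL enabled -> ldaps://
BIND_DN="cn=omada-ro,ou=service,dc=example,dc=com"    # Regular DN (read-only account)
BIND_PW="${OMADA_LDAP_PW:-}"                          # Regular Password via environment
CN_ID="uid"                                           # Common Name Identifier
BASE_DN="ou=people,dc=example,dc=com"                 # Base Distinguished Name
EXTRA_FILTER="(objectClass=inetOrgPerson)"            # Additional Filter (optional)
GROUP_DN="cn=vpn-users,ou=groups,dc=example,dc=com"   # Group Distinguished Name (optional)

# RFC 4515: escape the characters that are special inside a filter value.
# The login name comes from the portal/VPN client, so treat it as hostile.
ldap_filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# RFC 4514: escape the characters that are special inside a DN value.
ldap_dn_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/,/\\,/g' -e 's/+/\\+/g' -e 's/"/\\"/g' \
                           -e 's/</\\</g' -e 's/>/\\>/g' -e 's/;/\\;/g' -e 's/=/\\=/g' -e 's/^#/\\#/'
}

# Regular/Anonymous Mode search filter: login name on CN_ID, AND-ed with the
# Additional Filter and, when a Group DN is set, membership of that group
# (memberOf as exposed by Active Directory or OpenLDAP's memberof overlay).
omada_user_filter() {
    f="($CN_ID=$(ldap_filter_escape "$1"))"
    [ -n "$EXTRA_FILTER" ] && f="$f$EXTRA_FILTER"
    [ -n "$GROUP_DN" ] && f="$f(memberOf=$(ldap_filter_escape "$GROUP_DN"))"
    printf '(&%s)' "$f"
}

# Simple Mode has no search step: the gateway binds straight away as
# "<CN_ID>=<login>,<Base DN>" (assumed construction), which is why every
# user must sit directly under the Base DN in that mode.
omada_simple_bind_dn() {
    printf '%s=%s,%s' "$CN_ID" "$(ldap_dn_escape "$1")" "$BASE_DN"
}

# Server Address + Destination Port + SSL flag as an LDAP URL.
omada_ldap_url() {
    [ "$LDAP_SSL" = "yes" ] && scheme=ldaps || scheme=ldap
    printf '%s://%s:%s' "$scheme" "$LDAP_HOST" "$LDAP_PORT"
}

# Regular Mode, step 1: bind with the service account and find the user's DN.
omada_find_user_dn() {
    ldapsearch -LLL -x -H "$(omada_ldap_url)" -D "$BIND_DN" -w "$BIND_PW" \
        -b "$BASE_DN" -s sub "$(omada_user_filter "$1")" dn | sed -n 's/^dn: //p'
}

# Step 2: bind as that DN with the user's own password (this is the actual
# authentication); exit status 0 means the profile would accept the user.
omada_check_password() {
    ldapwhoami -x -H "$(omada_ldap_url)" -D "$1" -w "$2" >/dev/null
}

# Usage: OMADA_LDAP_PW='service-account-pw' sh omada-ldapcheck.sh alice 'alice-pw'
if [ $# -eq 2 ]; then
    dn=$(omada_find_user_dn "$1")
    [ -n "$dn" ] || { echo "no entry matched $(omada_user_filter "$1") under $BASE_DN" >&2; exit 1; }
    omada_check_password "$dn" "$2" && echo "OK: $dn authenticated"
fi
```

If step 1 returns no DN, the Base DN, Common Name Identifier, Additional Filter or Group DN is wrong; if step 1 works but step 2 fails, the user's password is wrong or the account is locked. Passing passwords with -w puts them in the process list, so on a shared host use -y with a password file or -W to be prompted instead.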
