How to configure LDAP on Omada Gateway

G36W-4G, ER8411, ER7206 (V1, V2), ER707-M2, G36, ER706W-4G, ER706W, ER605 (V2), G611
Recent updates may have expanded access to feature(s) discussed in this FAQ. Visit your product's support page, select the correct hardware version for your device, and check either the Datasheet or the firmware section for the latest improvements added to your product. Please note that product availability varies by region, and certain models may not be available in your region.
Contents
Configuring Portal Based on LDAP Authentication
Configuring VPN Based on LDAP Authentication
Objective
This article describes the implementation mode of LDAP and provides a configuration guide for users to configure and use LDAP on the Omada Gateway via the Omada Controller.
Requirements
- Omada Controller (Software Controller / Hardware Controller / Cloud-Based Controller, v5.8 and above)
- Omada Gateway
- LDAP Server
Introduction
The LDAP function for the Omada Gateway acts as an LDAP client for Portal Authentication and VPN Authentication.
- LDAP can be used as an external authentication server for Portal Authentication.
- LDAP can be used for VPN Authentication, supporting OpenVPN, L2TP VPN and PPTP VPN.
Configuration
Step 1. Launch the Omada Controller and go to Settings > Profiles > LDAP Profile. Click Create New LDAP Profile to configure an LDAP Profile. Three Bind Types are available:
- Simple Mode: LDAP clients send bind requests only, without an administrator account and password and without search query permission. This mode is mainly used for scenarios where authentication accounts belong to the same LDAP directory node.
- Anonymous Mode: LDAP clients can send bind requests and search queries without an administrator account and password.
- Regular Mode: LDAP clients can send bind requests and search queries with an administrator account and password. This mode is used for scenarios where authentication accounts belong to the same or different LDAP directory nodes.
Note: For most LDAP servers, sending search queries and bind requests requires administrator authentication. Therefore, it is recommended that you choose Regular Mode.
Step 2. Configure the LDAP Profile parameters. Take Regular Mode as an example. Specify the parameters for your LDAP Server:
- Server Address: The IP address or URL of the LDAP Server.
- Destination Port: The port ID of the LDAP server. By default, the port ID is 389 when SSL is disabled and 636 when SSL is enabled.
- Regular DN: The distinguished name (DN) of the administrator account for the LDAP Server.
- Regular Password: The password of the administrator account for the LDAP Server.
- Common Name Identifier: UID or CN corresponding to the one configured in the LDAP Server.
- Base Distinguished Name: The upper directory node for the users to be authenticated in the LDAP Server. Click the Query icon on the right to view the directory structure and select the node.
- Additional Filter: The additional filter for user authentication. If this field is specified, the user to be authenticated should match the value. This field is optional.
- Group Distinguished Name: The group identifier for user authentication. If this field is specified, the user to be authenticated should match the value. Click the Query icon on the right to view the directory structure and select the node. This field is optional.
Configuring Portal Based on LDAP Authentication
Step 1. Launch the Omada Controller, go to Settings > Authentication > Portal, and click Create New Portal. Select External LDAP Server for Authentication Type and the profile created for LDAP Profile.
Configuring VPN Based on LDAP Authentication
Step 1. Launch the Omada Controller, go to Settings > VPN > VPN, and click Create New VPN Policy.
- Configure OpenVPN based on LDAP. Select Client-to-Site VPN for Purpose and VPN Server – OpenVPN for VPN Type. Enable the Account Password and choose the LDAP Profile created. Refer to the VPN configuration guide for other parameter configurations.
- Configure L2TP VPN based on LDAP. Select Client-to-Site VPN for Purpose and VPN Server – L2TP for VPN Type. Select LDAP for Authentication Mode and choose the LDAP Profile created. Refer to the VPN configuration guide for other parameter configurations.
- Configure PPTP VPN based on LDAP. Select Client-to-Site VPN for Purpose and VPN Server – PPTP for VPN Type. Select LDAP for Authentication Mode and choose the LDAP Profile created. Refer to the VPN configuration guide for other parameter configurations.
Conclusion
With the steps above, you have successfully configured an LDAP Profile and the other functions that use the LDAP Profile on the Omada Gateway.
To get more details about each function and configuration, please go to the Download Center to download the manual for your product.
Why can I not connect to the LDAP server when configuring the LDAP Profile?
Re: Please make sure you have configured the LDAP Server parameters correctly. You can use a generic LDAP client tool with the same settings to verify your configuration.
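One way to carry out that check for a Regular Mode profile, as an added example that is not TP-Link's code: it maps the LDAP Profile fields from Step 2 onto the search-then-bind sequence and prints the matching OpenLDAP client commands (`ldapsearch`, `ldapwhoami`). How the gateway itself combines the fields into a filter is not documented on this page, so the composition below, including the use of `memberOf` for the Group Distinguished Name, is an assumption; all profile values are constructed placeholders.

```python
import shlex

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

def build_user_filter(profile, username):
    """Combine Common Name Identifier, Additional Filter and Group DN."""
    parts = ['(%s=%s)' % (profile['common_name_identifier'],
                          escape_filter_value(username))]
    extra = profile.get('additional_filter')
    if extra:
        # Accept the filter with or without its outer parentheses.
        parts.append(extra if extra.startswith('(') else '(%s)' % extra)
    if profile.get('group_dn'):
        # Assumption: the server exposes group membership as memberOf.
        parts.append('(memberOf=%s)' % escape_filter_value(profile['group_dn']))
    return parts[0] if len(parts) == 1 else '(&' + ''.join(parts) + ')'

def verification_commands(profile, username, user_dn):
    """Return argv lists: search as the Regular DN, then bind as the user."""
    # Without SSL (port 389) a simple bind sends the password unencrypted.
    scheme = 'ldaps' if profile['ssl'] else 'ldap'
    uri = '%s://%s:%d' % (scheme, profile['server_address'], profile['port'])
    search = ['ldapsearch', '-x', '-H', uri, '-D', profile['regular_dn'], '-W',
              '-b', profile['base_dn'], '-s', 'sub',
              build_user_filter(profile, username), 'dn']
    bind = ['ldapwhoami', '-x', '-H', uri, '-D', user_dn, '-W']
    return [search, bind]

# Constructed sample profile; replace every value with your own settings.
PROFILE = {
    'server_address': 'ldap.example.com',
    'port': 636,
    'ssl': True,
    'regular_dn': 'cn=admin,dc=example,dc=com',
    'base_dn': 'ou=people,dc=example,dc=com',
    'common_name_identifier': 'uid',
    'additional_filter': '(objectClass=inetOrgPerson)',
    'group_dn': 'cn=vpn-users,ou=groups,dc=example,dc=com',
}

if __name__ == '__main__':
    user_dn = 'uid=alice,ou=people,dc=example,dc=com'  # constructed
    for argv in verification_commands(PROFILE, 'alice', user_dn):
        print(shlex.join(argv))
```

If the `ldapsearch` command returns exactly one DN and `ldapwhoami` succeeds with that DN and the user's password, the same values should work in the LDAP Profile.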