Role Mapping for On-Premises LDAP
Authentication Role Mapping for On-Premises LDAP enables you to assign different Access Role Profiles and Policy Lists to different sub-user groups by creating mapping rules based on user attributes. For example, you could assign a Premium Access Role Profile with larger bandwidth to the VIP group in LDAP. The Role Mapping for On-Premises LDAP Screen displays all configured mappings and is used to create, edit, and delete mappings.
Creating a Mapping
Click on the Add icon to bring up the Create Role Mapping for LDAP Screen. Complete the fields as described below, then click on the Create button.
- Name - User-configured name for the mapping rule.
- Priority - Priority of the role mapping rule. A user requesting LDAP/AD authentication may match several role mapping rules; the one with the highest priority takes effect after the user passes authentication. (Range = 1 - 99, 1 is the highest priority and 99 is the lowest)
- LDAP/AD Attributes Condition
  - Attribute - LDAP/AD attribute used as the role mapping rule key.
  - Value - The attribute's value on the LDAP Server.
  Note: You can also click on the Fetch button to fetch attributes from the LDAP/AD Server to specify mapping conditions.
- Action - Accept or Reject user authentication with 802.1X matching with Access Policy.
- Default Access Role Profile - Access Role Profile applied to the user after matching the role mapping rule.
- Default Policy List - Policy List applied to the user after matching the role mapping rule.
- Other Attributes - Select an attribute from the drop-down, enter a value and click on the Add icon to add the attribute. Repeat the process to add additional attributes.
  - Session Timeout - The Session Timeout Interval is the maximum number of consecutive seconds of connection allowed to the user before termination of the session or prompt. If not configured, the device’s default session timeout policy will take effect. (Range = 12000 - 86400, Default = 43200)
  - Accounting Interim Interval - Interval for RADIUS accounting, in seconds. If not configured, the device’s default accounting policy will take effect. (Range = 60 - 1200, Default = 600)
  - WISPr Bandwidth Max Up - The user upstream bandwidth, in kbit/s. By default, it is not limited.
  - WISPr Bandwidth Max Down - The user downstream bandwidth, in kbit/s. By default, it is not limited.
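The priority behaviour described above, worked through as an added example (not code from the product): a small Python resolver that picks the effective mapping for one user's attributes and flags a Reject rule shadowed by a higher-priority Accept rule, or a tie at the winning priority. The exact-match comparison, the rule names, and the sample directory values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # 1 = highest, 99 = lowest (range stated on the page)
    attribute: str     # LDAP/AD attribute used as the rule key
    value: str         # attribute value that must be present
    action: str        # "Accept" or "Reject"
    profile: str = ""  # Default Access Role Profile

    def matches(self, user):
        # Assumption: case-insensitive exact match on any value of the attribute.
        vals = user.get(self.attribute, [])
        return any(v.lower() == self.value.lower() for v in vals)

def resolve(rules, user):
    """Return (winning rule or None, warnings) for one user's attributes."""
    for r in rules:
        if not 1 <= r.priority <= 99:
            raise ValueError(f"{r.name}: priority {r.priority} outside 1-99")
    hits = sorted((r for r in rules if r.matches(user)), key=lambda r: r.priority)
    if not hits:
        return None, []
    winner, warnings = hits[0], []
    for r in hits[1:]:
        if r.priority == winner.priority:
            warnings.append(f"tie: {r.name} shares priority {r.priority} with {winner.name}")
        elif r.action == "Reject" and winner.action == "Accept":
            warnings.append(f"shadowed: Reject rule {r.name} overridden by {winner.name}")
    return winner, warnings

# Constructed sample rules and user attributes (not from any real directory).
RULES = [
    Rule("vip", 10, "memberOf", "CN=VIP,OU=Groups,DC=example,DC=com", "Accept", "Premium"),
    Rule("disabled", 50, "employeeType", "terminated", "Reject"),
    Rule("staff", 50, "department", "Engineering", "Accept", "Standard"),
]
USER = {
    "memberOf": ["CN=VIP,OU=Groups,DC=example,DC=com"],
    "employeeType": ["terminated"],
    "department": ["Engineering"],
}

if __name__ == "__main__":
    winner, warnings = resolve(RULES, USER)
    print("effective rule:", winner.name, winner.action, winner.profile)
    for w in warnings:
        print("warning:", w)
```

Giving Reject rules a numerically lower priority value than any Accept rule that can match the same users removes the shadowing warning.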
Editing a Mapping
Select a mapping in the Role Mapping List and click on the Edit icon. Edit the field(s) as described above, and click on the Apply button. Note that you cannot edit a Mapping Name.
Deleting a Mapping
Select a mapping in the Role Mapping List and click on the Delete icon. Click OK at the Confirmation Prompt.
Role Mapping List
The Role Mapping List displays information about all configured mappings.
- Condition - The mapping condition.
- Default Access Role Profile - Access Role Profile applied to the user after matching the role mapping rule.
- Default Policy List - Policy List applied to the user after matching the role mapping rule.
- Name - User-configured name for the mapping rule.
- Priority - Priority of the role mapping rule. A user requesting LDAP/AD authentication may match several role mapping rules; the one with the highest priority takes effect after the user passes authentication. (Range = 1 - 99, 1 is the highest priority and 99 is the lowest)