Map Existing LDAP Groups to the AAA Server
- Create groups in LDAP. For information, see the appropriate LDAP technical documents.
- Define which users you want to add to the group(s) in the LDAP.
- Define an LDAP query that returns all users in the organizational unit. See Create an LDAP Query.
This example assumes that you are using Microsoft Active Directory. For other LDAP directories, please consult the manufacturer's documentation.
- From your LDAP Active Directory Server Administration Console, select the appropriate organizational unit (in the example, "Group OU" which hosts the LDAP groups), then select New Group.
- Enter a new Group name, select the appropriate Group scope, then select Group type for your organization.
- Click OK.
- To set the content of the new group (to choose people to belong to the group), click on the new "Marketing" group’s Properties.
- In the Marketing group’s Properties, select Members, then click Add. A list of all the users belonging to the OU group (for example, trader.com) is displayed.
- Select the objects (or select multiple members) that you want to add to the new group (use Shift+click or Ctrl+click to select more than one user).
- Click Add. All the names are displayed in the pane at the bottom of the window.
- Click OK.
- Return to the AAA Server Administration Console to map this existing LDAP group to a new AAA Server group.
- From the pane to the left of the AAA Server Administration Console, right-click on Groups, then select New Group... from the menu.
- Enter the name for the new group (for example, Marketing), and from the Query drop-down list, select a query that you already have defined. The example illustrates the high-level OU, named "People".
- Click OK. The Administration Console displays the following dialog box.
- In the Filter section of the screen, from the Type drop-down list, select LDAP Group, then click Add.
- Select the group from the list of groups displayed, then click Add.
This list is populated from the LDAP groups configured in the LDAP connection options. See Configure the Connection to LDAP.
- In the Group / Gate Assignments portion of the screen, click Add.
- Select a Gate from the drop-down list.
- Select the authorization (AZ) and accounting (AC) profiles and click OK.
- Click Save to apply the group/gate assignment.
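
A scripted equivalent of the Active Directory steps above (create the group, add members), followed by a membership review to run before the group is mapped in the AAA Server. This is an added example, not part of the original documentation; it requires the ActiveDirectory PowerShell module, and the DNs, the Global/Security scope and type, and the account names are assumptions to replace with your own values.

```powershell
Import-Module ActiveDirectory

# Assumed values (not from the original page); adjust to your directory.
$GroupOU   = 'OU=Group OU,DC=trader,DC=com'  # assumed DN of the OU hosting LDAP groups
$QueryOU   = 'OU=People,DC=trader,DC=com'    # assumed DN covered by the AAA Server LDAP query
$GroupName = 'Marketing'
$Intended  = @('asmith', 'bjones')           # constructed sample sAMAccountNames

# Create the group only if it does not already exist in the group OU.
$group = Get-ADGroup -Filter "Name -eq '$GroupName'" -SearchBase $GroupOU
if (-not $group) {
    # Scope and type are assumptions; choose what your organization requires.
    $group = New-ADGroup -Name $GroupName -GroupScope Global `
        -GroupCategory Security -Path $GroupOU -PassThru
}

# Add only the intended accounts that are not yet direct members.
$current = @(Get-ADGroupMember -Identity $group |
    Select-Object -ExpandProperty SamAccountName)
$toAdd = @($Intended | Where-Object { $_ -notin $current })
if ($toAdd.Count -gt 0) {
    Add-ADGroupMember -Identity $group -Members $toAdd
}

# Review effective membership, including users who arrive through nested groups.
$effective = Get-ADGroupMember -Identity $group -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object { Get-ADUser -Identity $_.DistinguishedName }

# Flag accounts that should not gain access through this group:
#   Unexpected     - member not on the intended list
#   Enabled=False  - disabled account still in the group
#   OutsideQueryOU - member located outside the OU the AAA query returns
$effective |
    Select-Object SamAccountName, Enabled,
        @{ n = 'Unexpected';     e = { $_.SamAccountName -notin $Intended } },
        @{ n = 'OutsideQueryOU'; e = { $_.DistinguishedName -notlike "*,$QueryOU" } } |
    Sort-Object SamAccountName |
    Format-Table -AutoSize
```

Any row marked Unexpected, or with Enabled set to False, is worth resolving in the directory before assigning a Gate and AZ/AC profiles to the mapped group.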