Adding and Managing a Directory Server Profile

You can add a Directory Server profile to provide a user authentication mechanism that can be associated with one or more captive portal networks that utilize an Active Directory or Lightweight Directory Access Protocol (LDAP) Server.

Complete the following steps to add a Directory Server profile.
  1. From the navigation bar, select Network Control > My Services > Directory Server.
    Alternatively, on the Network Control > My Services page, click Add Service, locate the Directory Server tile, and click Add.
    Figure: Directory Server

    The Directory Server page displays all directory server profiles defined in the RUCKUS One account:

    • Name: Displays the name of the Directory Server profile.
    • Server Type: Displays the server type (Active Directory or LDAP).
    • Server Address: Displays the FQDN or IP address along with the port.
    • Domain Name: Displays the configured domain name in the format dc=domain, dc=ruckuswireless, dc=com.
    • Networks: Displays the number of networks currently associated with the Directory Server profile.
    You can use the Search option to display only the table entries matching the specified Name; enter a minimum of two characters. Additionally, you can filter the list of Directory Server profiles by selecting an option from the drop-down list in the Networks field.
    You can customize which fields appear in the Directory Server table by clicking the icon and selecting or deselecting the desired column names. Optionally, you can click Reset to default to have the default subset of columns appear in the Directory Server table. Click Clear Filters to reset the filters. You can sort the list of Directory Server profiles by clicking the associated column header.
  2. Click Add Directory Server.
    The Add Directory Server page is displayed.
    Figure: Adding a Directory Server
  3. In the Profile Name field, enter a Directory Server profile name ranging from 2 through 32 alphanumeric characters.
  4. For Server Type, select one of the options:
    • Active Directory Server: Allows clients to authenticate with the Active Directory server.
    • LDAP Server: Allows clients to authenticate with the LDAP server.
  5. The Enable TLS encryption option is enabled by default to ensure secure communication by encrypting data transmitted between clients and servers. You can disable this option if required.
  6. In the FQDN or IP Address field, enter a valid domain name or IPv4 address.
    In the Port field, enter a port number.
    The valid range is from one through 65,535.
    • The default port number is 636 if Enable TLS encryption is enabled.
    • The default port number is 389 if Enable TLS encryption is disabled.
  7. Based on the selected server type (Active Directory or LDAP), either the Windows Domain Name or Base Domain Name field appears. Enter a valid domain name in the following format (as indicated by the selected Server Type):
    • dc=domain, dc=ruckuswireless, dc=com
    • dc=ldap, dc=com
  8. In the Admin Domain Name field, enter a valid administrator domain name in one of the following formats (as indicated by the selected Server Type):
    • admin@domain.ruckuswireless.com
    • cn=admin, dc=ruckuswireless, dc=com
  9. In the Admin Password field, enter a password.
  10. (Optional) In the Key Attribute field, enter a key attribute to denote users (the default value is uid). This option is available only when you select the Server Type as LDAP Server.
  11. (Optional) In the Search Filter field, enter a filter to retrieve LDAP directory server entries. For example, objectClass=* returns all objects in the LDAP directory. This option is available only when you select the Server Type as LDAP Server.
  12. Click Test Connection to test the Active Directory or LDAP server connection.
    The test result is displayed.
  13. (Optional) Map user attributes from your IdP to identity attributes in RUCKUS One. In the Identity Attributes & Claims Mapping section, enter the Identity Display Name, Identity Email, and Identity Phone Number using the exact values from your IdP; claim names are available in your IdP console. Note that if Identity Display Name is empty or does not match, it defaults to the identity's username.
  14. (Optional) Click Add custom field, select an Attribute Type from the drop-down list and enter a Claim Name. If you want to enter another attribute name and claim name, click Add custom field again.
  15. Click Add.
    The Directory Server profile is added to the Directory Server page. A notification is displayed on the Activities page, which is accessible by clicking the icon at the upper-right corner of the RUCKUS One web interface.

    You can click a specific Directory Server profile to view configuration details, identity attribute mappings, as well as a list of associated Instances displaying the network name and type.

You can edit or delete a profile from the Directory Server page by selecting the profile and clicking Edit or Delete, or by opening the profile and clicking Configure.
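
The following pre-flight check is an added example, not RUCKUS code. It lints the values you plan to enter against the constraints stated in the steps above (name length, port range and TLS defaults, DN and administrator name formats, search filter scope). The dictionary key names and sample values are hypothetical and constructed for illustration.

```python
import re

DEFAULT_PORT = {True: 636, False: 389}            # defaults from step 6
RDN = re.compile(r"[A-Za-z][A-Za-z0-9-]*=[^,=]+")  # one attr=value pair
UPN = re.compile(r"[^@\s]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

def is_dn(value):
    """True when every comma-separated part is an attr=value pair."""
    return all(RDN.fullmatch(part.strip()) for part in value.split(","))

def lint_profile(p):
    """Return findings for a profile dict; the key names are hypothetical."""
    out = []
    tls = p.get("tls", True)                      # TLS is on by default (step 5)
    port = p.get("port", DEFAULT_PORT[tls])
    if not re.fullmatch(r"[A-Za-z0-9]{2,32}", p["name"]):
        out.append("name: use 2-32 alphanumeric characters")
    if not 1 <= port <= 65535:
        out.append("port: outside 1-65535")
    if not tls:
        out.append("tls: disabled, so simple binds cross the network unencrypted")
    elif port == 389:
        out.append("port: 389 is the non-TLS default although TLS is enabled")
    if not is_dn(p["base_dn"]):
        out.append("base_dn: expected comma-separated dc=... parts")
    if not (UPN.fullmatch(p["admin"]) or is_dn(p["admin"])):
        out.append("admin: expected user@domain or a full DN")
    flt = p.get("search_filter", "")
    if flt.count("(") != flt.count(")"):
        out.append("search_filter: unbalanced parentheses")
    if flt.strip("() ").replace(" ", "").lower() == "objectclass=*":
        out.append("search_filter: objectClass=* matches every entry")
    return out

# Constructed sample values, modelled on the formats shown in the steps above.
GOOD = {"name": "CorpLDAP1", "tls": True, "port": 636,
        "base_dn": "dc=ldap, dc=com",
        "admin": "cn=admin, dc=ruckuswireless, dc=com",
        "search_filter": "(objectClass=inetOrgPerson)"}
BAD = dict(GOOD, name="x", tls=False, port=389, base_dn="dc=ldap dc=com",
           admin="admin", search_filter="objectClass=*")

if __name__ == "__main__":
    for label, profile in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, lint_profile(profile) or "no findings")
```
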