User's Guide
Table Of Contents
- Table of Contents
- Preface
- Welcome to Extreme Campus Controller
- Dashboard
- Monitor
- Sites List
- Device List
- Access Points List
- Smart RF Widgets
- Switches List
- Networks List
- Clients
- Policy
- Configure
- Network Configuration Steps
- Sites
- Add a Site
- Modifying Site Configuration
- Site Location
- Adding Device Groups to a Site
- Add or Edit a Configuration Profile
- Associated Profiles
- Associated Networks
- Mesh Point Profile Configuration
- Configure Client Bridge
- Understand Radio Mode
- Radio as a Sensor
- Advanced AP Radio Settings
- VLAN Profile Settings
- AirDefense Profile Settings
- ExtremeLocation Profile Settings
- IoT Profile Settings
- Positioning Profile Settings
- Analytics Profile Settings
- RTLS Settings
- Advanced Configuration Profile Settings
- Configuring RF Management
- Configuring a Floor Plan
- Advanced Tab
- Devices
- Networks
- Policy
- Automatic Adoption
- ExtremeGuest Integration
- AAA RADIUS Authentication
- Onboard
- Onboard AAA Authentication
- Manage Captive Portal
- Manage Access Control Groups
- Access Control Rules
- Tools
- Administration
- System Configuration
- Manage Administrator Accounts
- Extreme Campus Controller Applications
- Product License
- Glossary
- Index
Table 75: LDAP Schema Definition Settings (continued)
Field Description
User Authentication Type Specifies the user authentication. Valid values are:
• LDAP Bind – Only works with a plain text password. It is
useful for authentication from the captive portal but does
not work with most 802.1x authentication types.
• NTLM Auth – This option is only useful when the backend
LDAP server is a Microsoft Active Directory server. This is an
extension to LDAP bind that will use ntlm_auth to verify the
NT hash challenge responses from a client in MsCHAP,
MsCHAPV2, and PEAP requests.
• NT Hash Password Lookup – If the LDAP server has the
user’s password stored as an NT hash that is readable by
another system, you can have Identity and Access read the
hash from the LDAP server to verify the hashes within an
MsCHAP, MsCHAPV2, and PEAP request.
• Plain Text Password Lookup – If the LDAP server has the
user’s password stored unencrypted and that attribute is
accessible to be read via an LDAP request, then this option
reads the user’s password from the server at the time of
authentication. This option can be used with any
authentication type that requires a password.
User Password Attribute This is the name of the password used with the NT Hash
Password Lookup and Plain Text Password Lookup listed above.
Host Search Class Indicates the class used for hostname.
Host Search Attribute Indicates the name of the attribute in the host object class that
contains the hostname.
Use Fully Qualified Domain Name Select this option to use the Fully Qualified Domain Name
(FQDN). Clear this option to use the hostname without domain.
OU Object Classes Organizational Unit Object Classes
Related Topics
LDAP Configurations on page 299
LDAP Test Results
Test the LDAP configuration to verify the LDAP connection, search for a user, and search for a host. Use
this information to troubleshoot LDAP connections.
The Connection Test tab displays results for the following:
• Active Directory Domain
• User Search
• Host Search
• OU Test
Search for specific users or specific Host addresses from the User Search tab and the Host Search tab
respectively. Details about the search criterion are displayed.
Onboard
LDAP Configurations
Extreme Campus Controller User Guide for version 5.46.03 301