topic Re: LDAP Filtering for Self-Service Guest Access Approver in ZoneDirector https://community.ruckuswireless.com/t5/ZoneDirector/LDAP-Filtering-for-Self-Service-Guest-Access-Approver/m-p/36347#M6486 Turned out I have to disable guestpass generation on Default Role. Everythings working now. My problem now is you can only have one authentication server for all Self-Service profiles you create. Support said this is working as designed. Sad. Tue, 02 Aug 2016 05:47:02 GMT mark_anthony_sa 2016-08-02T05:47:02Z LDAP Filtering for Self-Service Guest Access Approver https://community.ruckuswireless.com/t5/ZoneDirector/LDAP-Filtering-for-Self-Service-Guest-Access-Approver/m-p/36346#M6485 I'm trying to setup Self-Service Guest Access on customer's ZD but they require that select domain users can only approve Self-Service access request. Customer created a new group (sponsor/approvers) in AD and added only a few domain users as members. Also created a Role in ZD matching the new group on Group Attribute. Ruckus Support told me before to configure LDAP on ZD and set a search filter so that only the members of the AD group can login and approve Self-Service requests. Initial tests were successful and I thought that everything's OK so I left it at that.<BR /><BR />However, I returned to the customer's office a few weeks later and saw that even non-members of the group was able to approve Self-Service requests. My question now is is it really possible to filter sponsors that can approve via LDAP? Below is the LDAP configuration I did based on customer's settings. I replaced the actual company domain name but everything else is the same.<BR /><BR /><BR />base dn<BR />dc=corp,dc=company,dc=com<BR /><BR />admin dn<BR />CN=Ruckus Service Account,OU=Service Accounts,DC=CORP,DC=COMPANY,DC=COM<BR /><BR />key attribute<BR />samAccountName<BR /><BR /><BR />search filter<BR />|(objectClass=Person)(memberOf=CN=Ruckus-WifiApprovers,OU=Domain Security Groups,DC=CORP,DC=COMPANY,DC=COM)<BR /><BR /><BR />Ruckus-WifiApprovers is the Group Attribute that I configured in Roles. That is the same group in AD that customer created.<BR /><BR />I also thought that maybe because the Self-Service Guest SSID is allowed in Default Role so I removed it from there and only allowed it on Ruckus-WifiApprovers Role but result is the same. This is driving me crazy. Mon, 01 Aug 2016 11:22:19 GMT https://community.ruckuswireless.com/t5/ZoneDirector/LDAP-Filtering-for-Self-Service-Guest-Access-Approver/m-p/36346#M6485 mark_anthony_sa 2016-08-01T11:22:19Z Re: LDAP Filtering for Self-Service Guest Access Approver https://community.ruckuswireless.com/t5/ZoneDirector/LDAP-Filtering-for-Self-Service-Guest-Access-Approver/m-p/36347#M6486 Turned out I have to disable guestpass generation on Default Role. Everythings working now. My problem now is you can only have one authentication server for all Self-Service profiles you create. Support said this is working as designed. Sad. Tue, 02 Aug 2016 05:47:02 GMT https://community.ruckuswireless.com/t5/ZoneDirector/LDAP-Filtering-for-Self-Service-Guest-Access-Approver/m-p/36347#M6486 mark_anthony_sa 2016-08-02T05:47:02Z