Showing results for 
Search instead for 
Did you mean: 

Admins and Roles -> AAA -> Secure LDAP/Active Directory

New Contributor


I can successfully configure an LDAPS AAA for Services & Profiles, however I cannot get a successful authentication with Admins and Roles when using LDAPS or Active Directory. My goal is to let my administrators sign in with their ADDS credentials (Azure ADDS with Secure LDAP).

Admins and Roles -> AAA Configuration



Name	Azure ADDS (LDAPS)
Default Role Mapping	Yes
IP Address	20.213.x.x
Base Domain Name	OU=AADDC Users,DC=company,DC=net,DC=au
Admin Domain Name	CN=Company Bind Service Account,OU=AADDC Users,DC=company,DC=net,DC=au
Key Attribute	sAMAccountName
Search Filter	((objectClass=*)(saMAccountName=ADM-*))



When testing a known-good username, it fails. I notice that the Admins and Roles section does not allow specifying LDAPS (636) or TLS as the protocol like the Services & Profiles section does. Is this a missing feature for my firmware version?

Any assistance would be appreciated. The same settings have been used in other applications and work perfectly fine, so my belief is that the Admins and Roles AAA section does not use TLS/Secure LDAP.

Thanks in advance!


Community Admin
Community Admin

Notification: This post has been moved correct category (Zonedirector to SmartZone).

Syamantak Omer

RUCKUS Networks, CommScope!

Follow me on LinkedIn


it was tricky for me too some day. in our enviroment (onPremise AD) it works with the following setting, guess you just have to adopt to Azure LDAPs

1. Create an AAA Server
Name: DomainController
Type Active Directory
Realms:  yourdomain.local (the Domain from your UPN / Username)
Default Role Mapping No
IP Address: DC IP
Windows Domain Name: DC=yourdomain,DC=local

2. create an administrators account in SmartZone, as SmartZone Service Account:
e. g. Company-WLAN-Admins

3. create a group in Smartzone, with your needed permissions
e. g. Company-WLAN-Admins

4. Select the administrator from 2. as Member of the group from 3.

5. Create an AD SecurityGroup:
and put in your AD Users in - the Ruckus-WSG-User-  is important!!

AAA Server Authentication (

login to SZ is your full UPN Username then.

good luck


New Contributor

I have tried this again and I still am not having any luck. I am now on a vSZ High Scale running

Configuring AAA for Proxy (SZ Authenticator) against Azure LDAPS works as expected.

Configuring AAA for Administrators does not (using the exact same settings).

The error given is invalid username or password, which is incorrect as I have checked numerous known credentials that are a member of the correct group.

Are there any logs I can look at on a vSZ High Scale to see what the real reason for the LDAP connection failure for AAA Administrators was?

Upload the CA certificate to Administration > System >Certificates > SZ Trusted CA Certificates/Chain (external). This allowed AD (TLS) to work for my internal domain. No other settings changes and I was getting that same error