02-25-2019 09:49 AM - edited 07-05-2021 09:56 AM
Hi,
I use web authentication with a single LDAP server, and it works fine (Server1 contoso.com:389).
Now I added a new LDAP server (Server2 cisco.com:389) for web authentication.
So in "WLANs - LDAP server" I input both server 1 and 2.
Authentication works just on the first server; if I try authentication on Server2, it doesn't authenticate (web page).
So it seems just "Server1" can authenticate the request.
In fact, if I switch server1 and server2, then authentication works fine (authentication on cisco.com, now on Server1).
02-25-2019 01:02 PM
Are the two LDAP servers synced, as in do they have the same usernames/passwords?
With multiple auth servers the first one is used, if the username is there it will not move onto the secondary, only if the username does not exist.
The fact you swapped them and the secondary when set as primary works shows that there is nothing wrong with the actual server.
Are you using ISE for the captive portal or just from the WLC?
02-25-2019 01:30 PM
The 2 LDAP servers are not synced, only trusted.
server 1 --> 10.2.x.y --> contoso.com
server 2 --> 10.20.x.y --> cisco.com
Field for authentication: uPN (email address)
The account exists only on server 2.
When I use an account present only on server 1, authentication is perfect.
When I use an account present only on server 2, it is NOT authenticated.
If I switch the LDAP server order, server 2 authenticates but server 1 does not.
Are you using ISE for the captive portal or just from the WLC? --> Only WLC
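To make the ordering behaviour discussed above concrete, here is an added simulation (not the poster's configuration and not Cisco WLC code) of a controller holding an ordered LDAP server list. It models two constructed directories keyed by userPrincipalName and compares two candidate policies: one where the first reachable server's answer is final, and one where a "user not found" answer falls through to the next server. The server names, domains, addresses and accounts are constructed for the example; the first policy reproduces the symptom reported in the thread (an account that exists only on the second server fails, and the result flips when the order is swapped), the second does not.

```python
"""Simulation of an ordered LDAP server list used for web authentication.

Constructed example: not the forum poster's setup and not controller code.
Two directories keyed by userPrincipalName, plus two candidate policies for
walking the ordered list.
"""
from dataclasses import dataclass, field


@dataclass
class LdapServer:
    name: str                      # hypothetical label, e.g. "Server1"
    domain: str                    # constructed domain, e.g. "contoso.com"
    reachable: bool = True
    # userPrincipalName -> password, constructed sample accounts only
    accounts: dict = field(default_factory=dict)

    def search_and_bind(self, upn: str, password: str) -> str:
        """Return 'ok', 'not_found', 'bad_password' or 'unreachable'."""
        if not self.reachable:
            return "unreachable"
        stored = self.accounts.get(upn.lower())
        if stored is None:
            return "not_found"
        return "ok" if stored == password else "bad_password"


def authenticate(servers, upn, password, fallback_on_not_found=False):
    """Walk the ordered server list and return (result, answering_server).

    fallback_on_not_found=False: the first reachable server's answer is final,
        so a 'not_found' there rejects the login even if a later server
        holds the account (the symptom described in the thread).
    fallback_on_not_found=True: a 'not_found' answer moves on to the next
        server; only an unreachable server is skipped in both policies.
    """
    for srv in servers:
        result = srv.search_and_bind(upn, password)
        if result == "unreachable":
            continue
        if result == "not_found" and fallback_on_not_found:
            continue
        return result, srv.name
    return "no_server_answered", None


# Constructed directories: each account exists on exactly one server.
SERVER1 = LdapServer("Server1", "contoso.com",
                     accounts={"alice@contoso.com": "pw-alice"})
SERVER2 = LdapServer("Server2", "cisco.com",
                     accounts={"bob@cisco.com": "pw-bob"})

SAMPLE_LOGINS = [("alice@contoso.com", "pw-alice"), ("bob@cisco.com", "pw-bob")]


def outcomes(servers, fallback_on_not_found=False):
    """Result per sample login for a given server order and policy."""
    return {upn: authenticate(servers, upn, pw, fallback_on_not_found)[0]
            for upn, pw in SAMPLE_LOGINS}


if __name__ == "__main__":
    for order in ([SERVER1, SERVER2], [SERVER2, SERVER1]):
        names = " -> ".join(s.name for s in order)
        print(f"{names}, first answer final:   {outcomes(order)}")
        print(f"{names}, fall through on miss: {outcomes(order, True)}")
```

Run stand-alone, the first policy prints exactly the pattern in the thread: only the account on whichever server is listed first succeeds. As a check that separates controller behaviour from the directories themselves, run the same userPrincipalName search against each server individually (for example with ldapsearch using the controller's bind credentials); if both servers answer correctly for their own accounts, the ordering policy, not the servers, is what needs attention.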