GCP LDAP server for WiFi authentication

Hi,

I'm trying to set up an LDAP service in GCP that can authenticate the WiFi clients in our network. I plan later to use GCP Managed AD service as a central identity repository but for now I'm happy just to have basic email/pwd authentication.

I've found a couple of guides on the Google Cloud LDAP application as part of Google Cloud Identity, which seems quite straightforward, but I want GCP connectivity and I haven't found any guides on this except LDAP Connector (at https://cloud.google.com/integration-connectors/docs/connectors/ldap/configure) that explains how to set up an LDAP server. However, in this guide I don't see any IP address that is set as the server IP, so I have my doubts I am on the right track. Seems like it should be quite straightforward.

If anyone can point me in the right direction I would truly appreciate it.

Cheers,

Andres


Hi @andres_fastweb,

Welcome to Google Cloud Community.

The LDAP connector acts as a client, enabling GCP services such as Cloud Functions or Application Integration to connect to an existing LDAP server. It is not an LDAP server itself.

You can work around this by deploying a traditional LDAP server on Compute Engine. This gives you full control and an IP address that you can point your WiFi infrastructure at.

Here’s a guide:

  1. Create your VPC network.

    • This will be the network for your Compute Engine.

  2. Create a Compute Engine instance.

    • In the network interface, make sure the external IP (Ephemeral) is a static IP. This will be used as the IP your WiFi network points to.

  3. Configure VPC Firewall.

    • Create a firewall that will deny all traffic except the LDAP port (port 389).

  4. Install and Configure your LDAP server software on the Compute Engine Instance.

  5. Configure your WiFi network.

    • Point your authentication at the external IP of the Compute Engine instance.

This will also align when you eventually use the GCP Managed AD.

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.
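
Steps 1 to 3 of the guide above as gcloud commands, added here as an example and not part of the original reply. Resource names, region/zone, the subnet range and the 203.0.113.10/32 WiFi controller address are constructed placeholders; the script only prints the commands unless APPLY=1 is set, and it limits the LDAP rule to the controller's address rather than all sources.

```bash
#!/usr/bin/env bash
# Dry run by default: prints the gcloud commands; set APPLY=1 to execute them.
# All names, the region/zone, 10.10.0.0/24 and 203.0.113.10/32 are
# constructed placeholders (assumptions), not values from the thread.
NET=wifi-auth-net; SUBNET=wifi-auth-subnet; REGION=europe-west1
ZONE=europe-west1-b; VM=ldap-1; TAG=ldap-server; ADDR=ldap-ip

run() {  # print the command; execute it only when APPLY=1
  printf '%s\n' "$*"
  if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# Reject empty or /0 source ranges, which would expose LDAP to every host.
check_source() {
  case "$1" in
    */0|"") echo "refusing open source range: '$1'" >&2; return 1 ;;
    *.*.*.*/*) return 0 ;;
    *) echo "not an IPv4 CIDR: '$1'" >&2; return 1 ;;
  esac
}

ldap_firewall() {  # $1 = WiFi controller public CIDR, $2 = port (389 as in the guide)
  src=$1; port=${2:-389}
  check_source "$src" || return 1
  # Every VPC network has an implied deny-all ingress rule, so a single
  # narrow allow rule yields "deny everything except LDAP" for tagged VMs.
  run gcloud compute firewall-rules create allow-ldap-from-wifi \
    --network="$NET" --direction=INGRESS --action=ALLOW \
    --rules="tcp:$port" --source-ranges="$src" --target-tags="$TAG"
}

provision() {  # $1 = WiFi controller public CIDR
  check_source "$1" || return 1
  run gcloud compute networks create "$NET" --subnet-mode=custom
  run gcloud compute networks subnets create "$SUBNET" --network="$NET" \
    --region="$REGION" --range=10.10.0.0/24
  run gcloud compute addresses create "$ADDR" --region="$REGION"
  run gcloud compute instances create "$VM" --zone="$ZONE" \
    --subnet="$SUBNET" --address="$ADDR" --tags="$TAG"
  ldap_firewall "$1" 389
}

provision "${1:-203.0.113.10/32}"
```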

Hi Kensan,

Thank you for your detailed answer.

Assuming I follow your instructions and set up an LDAP server in Compute Engine, my only concern is if it is possible to sync my server with GCP Managed AD since I don't want to have to maintain two directories.

If not, would a RADIUS solution work better i.e. have it synced with GCP Managed AD? My wifi network also supports it.

The whole idea is to have a single user directory.

Thanks,

AA