We setup a WiFi system in our school and currently we are using single password to let teachers login into campus WiFi. Next Semester we want to let kids login into WiFi for in class activities.
We provide them with office 365 accounts(Free version for education) and it comes with Azure AD. Is there a way I can authenticate the students into WiFi using Azure AD? Do I need to add additional infrastructure? My WiFi controller(Has public IP) comes with option for setting LDAP server. Is there something I can do to make Azure AD work like LDAP server. Being a non profit we have limited resources so please suggest a economical solution.
Azure Active Directory supports various authentication APIs and protocols, but LDAP isn't amongst them.
However, Azure AD Domain Services (currently in preview) will be able to help you here, because they allow you to treat the user database in Azure AD just like an actual AD domain, including joining machines to it and performing LDAP queries.
Some other info: https://azure.microsoft.com/en-us/documentation/articles/active-directory-ds-overview
http://azureblogger.com/2016/01/azure-ad-domain-services-and-ldap-enabled-application-for-cloud-only-tenants
Note: even if this works, it will probably be a lot trickier to setup and manage than simply running a real Windows Server DC.
This can be done if your router supports secure ldap (ldaps). I'm not sure if there is a cost for O365 education but the virtual dns servers required to get this azure ad domain services working costs about $60/month.