https://community.cisco.com/t5/network-access-control/active-directory/m-p/3497680#M536636 <HTML><HEAD></HEAD><BODY><P>I am requesting a feature enhancement to ISE 2.1:</P><P></P><P>We are currently using Active Directory as an external identity source, however, all queries are over default TCP/389. We would like to continue using Active Directory as the external identity source, but over the secure LDAP, TCP/636</P><P></P><P>Is this possible? There is an external identity source available for LDAPS, but carries additional administration overhead. The Active Directory plugin integrates well.</P></BODY></HTML> Fri, 30 Dec 2016 15:41:20 GMT anthony.munro 2016-12-30T15:41:20Z https://community.cisco.com/t5/network-access-control/active-directory/m-p/3497680#M536636 <HTML><HEAD></HEAD><BODY><P>I am requesting a feature enhancement to ISE 2.1:</P><P></P><P>We are currently using Active Directory as an external identity source, however, all queries are over default TCP/389. We would like to continue using Active Directory as the external identity source, but over the secure LDAP, TCP/636</P><P></P><P>Is this possible? There is an external identity source available for LDAPS, but carries additional administration overhead. The Active Directory plugin integrates well.</P></BODY></HTML> Fri, 30 Dec 2016 15:41:20 GMT https://community.cisco.com/t5/network-access-control/active-directory/m-p/3497680#M536636 anthony.munro 2016-12-30T15:41:20Z https://community.cisco.com/t5/network-access-control/active-directory/m-p/3497681#M536637 <HTML><HEAD></HEAD><BODY><P>When ISE communicates with Microsoft Active Directory using ISE AD runtime agent (via AD join points), it encrypts the connections even though using TCP/389, and this is not configurable.</P><P></P><P>ISE may also connect to AD using LDAP protocol (via LDAP connector or LDAP ID source), where you have the option to use LDAPS.</P><P></P><P><IMG alt="Screen Shot 2016-12-30 at 2.32.57 PM.png" class="image-1 jive-image" height="304" src="/legacyfs/online/fusion/103456_Screen Shot 2016-12-30 at 2.32.57 PM.png" style="height: 303.516px; width: 485px;" width="485" /></P></BODY></HTML> Fri, 30 Dec 2016 22:34:17 GMT https://community.cisco.com/t5/network-access-control/active-directory/m-p/3497681#M536637 hslai 2016-12-30T22:34:17Z