
ISE LDAPS AD join points

In March our AD environment will no longer support LDAP simple bind over 389; only LDAPS over 636 will be allowed. This is according to: https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows

 

In ISE we will change our LDAP identity sources to LDAPS. But I cannot find any information on AD join points, how they are affected by this, and whether there are any settings for it.

 

On LDAP identity sources do I need to change anything else or just AD Join Point?

Accepted Solutions

hslai
Cisco Employee

AD join points not affected AFAIK. Please also see my responses in MS advisory ADV190023 ISE ldap


Mateen Ahmad
Level 1

Hello,

 

Yes, for a secure connection between ISE and LDAPS you have to enable Secure Authentication and select the root certificate from the drop-down list.

Steps: Administration > External identity sources > LDAP > your_LDAP > Connection.

 

I saw that now and we will try that.

Please share the result after you are done.

I understand this step: Steps: Administration > External identity sources > LDAP > your_LDAP > Connection.

 

But what I am wondering about is Administration > External identity sources > Active Directory.

How will this be affected when using LDAPS instead of LDAP?

You cannot change any ports here.

 

After you have pressed submit there, you type in an AD account that joins ISE to the AD.

But when ISE has joined, what protocol does it run, and how do you change LDAP to LDAPS, since Microsoft will have an AD security patch removing LDAP?

 

Including a pic as well.

 
