ACS 5.8: Using AD vs LDAP

Nadav
Level 7

Hi everyone,

I'm migrating from 4.2, and I'm interested in knowing what is the benefit of joining the domain rather than just performing LDAP queries on a search base.

1) Is it mostly an issue for RADIUS authentication rather than for TACACS+, and if so is it at all useful for a TACACS+ only deployment?

2) Is there a noticeable performance difference, and if so then which performs best?

3) Are there any pitfalls in joining the domain rather than using LDAP?

Thanks for your thoughts!

Accepted Solutions

Jagdeep Gambhir
Level 10

Hod,

Performance-wise there is no difference as such, and deciding which database to use depends on the type of authentication we use. Some protocols like MSCHAP are not supported by LDAP, so in case you do wireless authentication using PEAP, AD will work.

Here is the protocol compatibility chart:

http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-4/user/guide/acsuserguide/eap_pap_phase.html#45144

Regards,

~JG

Do rate helpful posts
