Active Directory

anthony.munro
Level 1

I am requesting a feature enhancement to ISE 2.1:

We are currently using Active Directory as an external identity source; however, all queries are over the default TCP/389. We would like to continue using Active Directory as the external identity source, but over secure LDAP, TCP/636.

Is this possible? There is an external identity source available for LDAPS, but it carries additional administration overhead. The Active Directory plugin integrates well.

Accepted Solutions

hslai
Cisco Employee

When ISE communicates with Microsoft Active Directory using the ISE AD runtime agent (via AD join points), it encrypts the connections even though they use TCP/389, and this is not configurable.

ISE may also connect to AD using the LDAP protocol (via the LDAP connector or LDAP ID source), where you have the option to use LDAPS.
