Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1057
Views
1
Helpful
1
Replies

Active Directory

Go to solution
anthony.munro
Level 1
Level 1

‎12-30-2016 07:41 AM

I am requesting a feature enhancement to ISE 2.1:

We are currently using Active Directory as an external identity source, however, all queries are over default TCP/389. We would like to continue using Active Directory as the external identity source, but over the secure LDAP, TCP/636

Is this possible? There is an external identity source available for LDAPS, but carries additional administration overhead. The Active Directory plugin integrates well.

1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎12-30-2016 02:34 PM

When ISE communicates with Microsoft Active Directory using ISE AD runtime agent (via AD join points), it encrypts the connections even though using TCP/389, and this is not configurable.

ISE may also connect to AD using LDAP protocol (via LDAP connector or LDAP ID source), where you have the option to use LDAPS.

Screen Shot 2016-12-30 at 2.32.57 PM.png

View solution in original post

0 Helpful
1 Reply 1

Go to solution
hslai
Cisco Employee
Cisco Employee

‎12-30-2016 02:34 PM

When ISE communicates with Microsoft Active Directory using ISE AD runtime agent (via AD join points), it encrypts the connections even though using TCP/389, and this is not configurable.

ISE may also connect to AD using LDAP protocol (via LDAP connector or LDAP ID source), where you have the option to use LDAPS.

Screen Shot 2016-12-30 at 2.32.57 PM.png

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents