02-23-2022 05:56 PM
Hi All,
I would like to find information about how many LDAP, at maximum, can be joined with ISE. I can only find the Active Directory maximum of 50 Join Points for ISE, but I do not see this information for LDAP. Please advise.
02-24-2022 01:43 PM
Only two LDAP servers (Primary/Secondary) can be configured for one LDAP connection. I'm not aware of any documented/validated maximum LDAP connection limits for ISE. The AD limit is due to the AD agent running on ISE. LDAP does not use an agent so, theoretically, it could support an unlimited number.
The more LDAP connections used, however, would likely increase the complexity of the policy model exponentially. The more LDAP connections you add to an Identity Source Sequence, the more performance and delay issues you would likely see as ISE would potentially have to search through each one in sequence to find the resource trying to authenticate.
02-24-2022 05:51 PM
Thank you for the information. From your information, by 2 LDAP servers do you mean 1 group or 1 LDAP connection? That is, if I would like to create many LDAP groups, can I do that?
02-24-2022 06:57 PM
In ISE, an LDAP Identity Source can consist of up to two LDAP servers (Primary/Secondary). ISE will allow you to configure multiple LDAP Identity Sources for either separate LDAP clusters or the same clusters (IP addresses) using different connectivity methods (LDAP/LDAPS) and/or Search Bases.
Example of two Sources with two LDAP servers each (Primary/Secondary) that use the same IP addresses (1.1.1.1, 1.1.1.2) and different search bases (OU=Finance,DC=domain,DC=local; OU=Legal,DC=domain,DC=local):
02-24-2022 07:48 PM
Thank you for the information. Based on your figure, for example LDAP1 = (1.1.1.1, 1.1.1.2) and LDAP2 = (2.2.2.1, 2.2.2.2), with each LDAP holding separate information: can I do that, as in your figure?
02-24-2022 08:40 PM
I'm not sure I understand your question. If you're asking if you can create two separate LDAP Identity Sources with the following configuration, then the answer is yes. (I would use a more identifiable name for the Sources in production)
You would also need to determine how you are going to use the separate sources in an Identity Source Sequence and/or AuthC and AuthZ Policies.
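The layout discussed in this thread, as an added example that is not part of any post and is not Cisco code: a small offline model that checks a set of LDAP source definitions (at most a primary and a secondary server each), flags sources on shared servers whose search bases overlap, and counts how many sources a sequence walks before a user DN is in scope. The `LdapSource` class, the function names and the `LDAP3` source are hypothetical, and matching on DN suffix is a simplification of a real directory search.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LdapSource:
    name: str
    servers: tuple      # (primary,) or (primary, secondary)
    search_base: str

def rdns(dn):
    # Simplified DN split: assumes no escaped commas inside attribute values.
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def in_scope(dn, base):
    # True when dn sits at or below base in the directory tree.
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def check_sources(sources):
    """Return a list of findings for the given source definitions."""
    findings = []
    for s in sources:
        if not 1 <= len(s.servers) <= 2:
            findings.append(f"{s.name}: {len(s.servers)} servers (expected primary plus optional secondary)")
    for i, a in enumerate(sources):
        for b in sources[i + 1:]:
            shared = set(a.servers) & set(b.servers)
            nested = in_scope(a.search_base, b.search_base) or in_scope(b.search_base, a.search_base)
            if shared and nested:
                findings.append(f"{a.name}/{b.name}: overlapping search bases on shared servers")
    return findings

def resolve(sequence, user_dn):
    """Walk the sequence in order; return (matching source or None, sources searched)."""
    for n, s in enumerate(sequence, 1):
        if in_scope(user_dn, s.search_base):
            return s.name, n
    return None, len(sequence)

# Constructed sample data, using the addresses and search bases quoted in the thread.
FINANCE = LdapSource("LDAP1", ("1.1.1.1", "1.1.1.2"), "OU=Finance,DC=domain,DC=local")
LEGAL = LdapSource("LDAP2", ("1.1.1.1", "1.1.1.2"), "OU=Legal,DC=domain,DC=local")
WHOLE = LdapSource("LDAP3", ("1.1.1.1", "1.1.1.2"), "DC=domain,DC=local")  # hypothetical broad source

if __name__ == "__main__":
    print(check_sources([FINANCE, LEGAL]))          # disjoint OUs: no findings
    print(check_sources([FINANCE, LEGAL, WHOLE]))   # broad base overlaps both OUs
    print(resolve([FINANCE, LEGAL], "CN=alice,OU=Legal,DC=domain,DC=local"))
```

A user that no source covers costs a lookup against every source in the sequence, which is the delay the earlier reply warns about.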
02-24-2022 08:44 PM