ISE LDAP Integration - How does ISE check Ldap connection

mmisonne
Level 2

Hello,
I have a customer who is worried about LDAP bind and unbind requests from ISE.
He does not want his Ldap to have a lot of binds open and never closed.

The main question is whether ISE regularly checks the Ldaps connection, and how?
(Using Bind request? Bind search? Unbind?)
Any idea about that?
If you do not know, can you tell me which log to look at?

Michel Misonne

2 Replies

Marvin Rhoads
Hall of Fame

It does a bind. I haven't seen explicit unbinds in the little bit of testing I did (primarily looking at the LDAP portion of an AD integration vs. a pure LDAP setup).

To resolve any doubt, do a Wireshark packet capture on your LDAP server while performing ISE connections and authentications. The packets don't lie. :)

Indeed, packets don't lie... provided that the connection is not secure.

I checked and found:

- There is no keep-alive between ISE and Ldap.

    i.e., if there is no authentication, there is absolutely no traffic.

- For 1 user authentication, there are 2 binds done (search and authentication), followed by 2 unbinds 30 sec later.

- If we manually do a Bind-test, in that case there is no unbind, and the connection may stay open.

    This could cause a problem, specifically if we do multiple Bind-tests.

Michel.
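
The check described in this thread can be scripted once LDAP payloads have been exported from a capture. The following is an added example, not code from any poster or from Cisco: it classifies each LDAPMessage by its protocolOp tag and lists connections that sent a bind but never an unbind. It assumes unencrypted LDAP, one complete LDAPMessage per payload, and uses constructed payloads and hypothetical connection labels.

```python
# LDAPMessage protocolOp identifier octets ([APPLICATION n] tags, RFC 4511).
OPS = {0x60: "bindRequest", 0x61: "bindResponse", 0x42: "unbindRequest",
       0x63: "searchRequest", 0x64: "searchResEntry", 0x65: "searchResDone"}

def _header(buf, pos):
    """Read a BER tag and length at pos; return (tag, length, value_offset)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        return tag, first, pos
    n = first & 0x7F                       # long form: next n octets hold the length
    return tag, int.from_bytes(buf[pos:pos + n], "big"), pos + n

def ldap_op(msg):
    """Name the operation carried by one complete, unencrypted LDAPMessage."""
    tag, _, pos = _header(msg, 0)          # outer SEQUENCE
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    tag, length, pos = _header(msg, pos)   # messageID INTEGER
    if tag != 0x02:
        raise ValueError("missing messageID")
    return OPS.get(msg[pos + length], "other")

def unclosed_binds(events):
    """events: (connection, payload) pairs in capture order.
    Return connections that sent a bindRequest but never an unbindRequest."""
    bound, closed = [], set()
    for conn, payload in events:
        op = ldap_op(payload)
        if op == "bindRequest" and conn not in bound:
            bound.append(conn)
        elif op == "unbindRequest":
            closed.add(conn)
    return [c for c in bound if c not in closed]

# Constructed payloads: anonymous simple bind (messageID 1) and unbind (messageID 2).
BIND = bytes.fromhex("300c020101600702010304008000")
UNBIND = bytes.fromhex("30050201024200")

# Constructed capture; connection labels are hypothetical.
SAMPLE = [("auth-search", BIND), ("auth-user", BIND),
          ("bind-test", BIND),
          ("auth-search", UNBIND), ("auth-user", UNBIND)]

if __name__ == "__main__":
    print(unclosed_binds(SAMPLE))
```

With LDAPS the payloads are encrypted, so this tag inspection only works on a plaintext capture or on decrypted traffic.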