Re: Secure LDAP

sandjose · ‎02-21-2011

I know the WLC supports LDAP based authentication,

Our environment requires integrating the WLC directly with LDAP and it needs to be secure.

Secure LDAP was supported in WLC, but i find that it has been removed from WLC based on the link below . Need to understand if secure LDAP is supported or is the link below outdated.

http://www.cisco.com/en/US/products/ps6366/products_white_paper09186a0080b4cd24.shtml

Nicolas Darchis · ‎02-21-2011

No you cannot do secure LDAP.

I don't remember it being supported so either it was a confusion with "authenticated " ldap which you can still do or the option was there but the code behind was not working (that's why it was removed).

I forgot the historical reason but for sure now it's not supported and you can't even configure it.

Nicolas

sandjose · ‎02-22-2011

Nicolas ,

What you are mentioning is about the bind method "Authenticated or Anonymous”, irrespective of the bind the packet is plain text and how do i ensure that to be encrypted .

Thinking about it i thought of doing IPSEC to the LDAP server, but the WLC would only support IPSEC for Radius servers and not LDAP.

The link below tells it was supported and new releases stopped supporting it .

Searched how the other vendors do the same and it seems Aruba does supports secure LDAP.

Clearly a limitation on the product

Nicolas Darchis · ‎02-22-2011

I know, that's why I said it was not to be confused with "authenticated".

Secure LDAP is easier known as LDAP/SSL

This is a limitation that is being worked on by the Business Unit.

The current alternative is to use a radius server like ACS to interconnect a LDAP database with the WLC with all security needed.