Security

Reply
Occasional Contributor II
Posts: 28
Registered: ‎10-08-2014

Cache Clearpass with LDAP query

Hello,

 

We have a Controller with ClearPass and we use the protocol 802.1x for authentication issue with LDAP you may not make the ClearPass frequently queries the LDAP and cache is generated for a certain time, there is that option?

 

Thanks for your help.

 

Regards.

 

HC 

Guru Elite
Posts: 20,821
Registered: ‎03-29-2007

Re: Cache Clearpass with LDAP query

It does not look up LDAP for AD group membership for X seconds.

 

It is located in configuration> Authentication> Sources.  Click on your Authentication Source and then General to see the Cache timeout:

 

 

source.png

 

In the lower right hand corner of that same screen is a clear cache button:

 

clearcache.png



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Guru Elite
Posts: 20,821
Registered: ‎03-29-2007

Re: Cache Clearpass with LDAP query

The reason for that cache is that some LDAP servers cannot keep up with tons of authentications a second, so doing a lookup for a group membership constantly can slow down regular authentications.  When it does an authentication, it will cache the group memberships for X seconds, which prevents another group lookup.  It will check the authenticaton for the password, every time, however.  If you are doing testing and changing AD group memberships, you can click on clear cache to test if the user is getting the correct LDAP group membership.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 28
Registered: ‎10-08-2014

Re: Cache Clearpass with LDAP query

Thanks for your help 

 

One Question? The maximum cache how long is it? right now I have it set for 10 hours 36000 seconds which is maximum time that could define ?

 

Regards

Search Airheads
Showing results for 
Search instead for 
Did you mean: