New Contributor
Posts: 3
Registered: ‎08-01-2013

Clearpass AD BIND

I am looking for information on the option in CPPM | Authentication Sources "Bind User" (Allow bind using user password).

Sometimes we have to enable it and other times disabling it works. I would like to understand what this option is actually doing.

Guru Elite
Posts: 20,759
Registered: ‎03-29-2007

Re: Clearpass AD BIND

From the CPPM Help:

 

"Enable this checkbox to authenticate users by performing a bind operation on the directory using the credentials (user name and password) obtained during authentication. For clients to be authenticated by using the LDAP bind method, Policy Manager must receive the password in cleartext."

 

Please see the entry here:  https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol#Bind_.28authenticate.29



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 3
Registered: ‎08-01-2013

Re: Clearpass AD BIND

Colin, thanks for the reply.

Just to be clear, if the option is not checked it uses the Bind DN as the credentials, but if the option is checked then it uses the credentials supplied to do the bind?

 

Guru Elite
Posts: 20,759
Registered: ‎03-29-2007

Re: Clearpass AD BIND

That is the way I understand it, yes.

If you allow the actual credentials of the authenticating user to be used, and the user does not have the rights (Novell LDAP makes this a possibility) to obtain his/her own groups, for example, it could make your policy evaluation fail. As a best practice, you should maintain a dedicated user to do this so that you have consistent results.



Colin Joseph
Aruba Customer Engineering
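
The failure mode described in the reply above, as an added example that is not part of the original thread and is not ClearPass code: a simplified in-memory model of a directory in which only a dedicated service account may read group membership. All DNs, passwords, group names, the ACL and the role mapping are constructed assumptions.

```python
# Simplified in-memory model of an LDAP directory; all DNs, passwords and
# group names are constructed sample data, not values from the thread.
SERVICE_DN = "cn=svc-nac,ou=service,dc=example,dc=test"
ALICE_DN = "cn=alice,ou=people,dc=example,dc=test"
STAFF = "cn=staff,ou=groups,dc=example,dc=test"
DIRECTORY = {
    SERVICE_DN: {"uid": "svc-nac", "password": "svc-secret", "groups": []},
    ALICE_DN: {"uid": "alice", "password": "alice-pw", "groups": [STAFF]},
}
# Assumed ACL: only the dedicated service account may read group membership.
GROUP_READERS = {SERVICE_DN}
ROLE_MAP = {STAFF: "employee"}


def bind(dn, password):
    """Return the bound identity, or None when the bind is refused."""
    entry = DIRECTORY.get(dn)
    # An empty password must never count as a successful authentication.
    if entry is None or not password or entry["password"] != password:
        return None
    return dn


def find_dn(uid):
    """Resolve a login name to its DN (done by the service account)."""
    return next((dn for dn, e in DIRECTORY.items() if e["uid"] == uid), None)


def read_groups(bound_dn, target_dn):
    """Group membership of target_dn as visible to bound_dn."""
    if bound_dn not in GROUP_READERS:
        return []  # attribute hidden: the search succeeds but returns nothing
    return list(DIRECTORY[target_dn]["groups"])


def evaluate(uid, password, lookup_as_user):
    """Authenticate by bind, then map groups to a role."""
    service = bind(SERVICE_DN, "svc-secret")
    user_dn = find_dn(uid)
    user = bind(user_dn, password) if user_dn else None
    if user is None:
        return "reject"
    reader = user if lookup_as_user else service
    roles = [ROLE_MAP[g] for g in read_groups(reader, user_dn) if g in ROLE_MAP]
    return roles[0] if roles else "no-role-matched"


if __name__ == "__main__":
    for as_user in (False, True):
        print("lookup_as_user =", as_user, "->", evaluate("alice", "alice-pw", as_user))
```

With the same valid password, the lookup done under the user's own bind authenticates but matches no role, which is the inconsistent result a dedicated lookup account avoids.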
