ClearPass domain join port used: LDAPS instead of LDAP

  • 1.  ClearPass domain join port used: LDAPS instead of LDAP

    Posted Mar 08, 2022 12:53 PM
    Hello,
    I see in the Aruba documentation that the port requirements to join AD are: Kerberos, DNS and LDAP.
    The question is whether I can use LDAPS (636) instead of LDAP (389).
    (I do not mean LDAPS for configuring an external source. I know it is possible to use LDAPS for an external source.)
    I mean LDAPS for the AD join.

    Regards

    Michel Misonne





  • 2.  RE: ClearPass domain join port used: LDAPS instead of LDAP

    Posted Apr 14, 2022 09:33 AM
    You don't need LDAP or LDAPS for the domain join, that uses Kerberos and DNS. But if you use LDAPS instead of LDAP, which is strongly recommended, you will of course need port 636 open from ClearPass to your AD servers and 389 could be blocked in that case.

    ------------------------------
    Herman Robers
    ------------------------------