Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

CPPM: Does Primary LDAP take over after recovering?

  • 1.  CPPM: Does Primary LDAP take over after recovering?

    Posted Jan 31, 2020 08:09 AM

    I've done a search for this, but didn't find a definitive answer. Suppose the Primary LDAP server goes offline, and a backup server takes over. 

     

    Once the Primary comes back online, will ClearPass automatically go back to it, in the same way that a Router in HSRP with preempt will?

     

    Or, does the backup become and remain the new primary until an admin manually changes it back?

     

    Thanks.



  • 2.  RE: CPPM: Does Primary LDAP take over after recovering?
    Best Answer

    EMPLOYEE
    Posted Jan 31, 2020 12:04 PM

    Hi,

     

    When an auth req hits the service, the user lookup is always done against the primary.

    If it is not reachable based on timeout, it'll reach out to the secondary every time.

     

    It is better to enable the DNS caching on ClearPass, introduced in 6.7.0 onwards, to avoid the delay in AD authentications caused due to DNS.
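
The behaviour described in the answer above, modelled as an added example (not part of the thread and not ClearPass code): each request starts at the primary, so the primary is used again as soon as it recovers, and every request during the outage pays the timeout first. The hostnames, the 10-second timeout and the latency figure are constructed assumptions.

```python
# Model of per-request, primary-first LDAP lookup as described in the answer.
# Not ClearPass code: hostnames, timeout and latency values are constructed.
from dataclasses import dataclass


@dataclass
class LdapServer:
    name: str
    up: bool = True
    latency_ms: int = 20  # constructed round-trip time when reachable


def lookup(servers, timeout_ms=10_000):
    """Try servers in configured order; return (server name, elapsed ms).

    No state is kept between calls, so every request starts at the primary.
    """
    elapsed = 0
    for srv in servers:
        if srv.up:
            return srv.name, elapsed + srv.latency_ms
        elapsed += timeout_ms  # an unreachable server costs one full timeout
    return None, elapsed  # nothing reachable: the lookup fails


def simulate(timeout_ms=10_000):
    """Replay four requests across an outage and recovery of the primary."""
    primary = LdapServer("ldap-primary.example.com")
    backup = LdapServer("ldap-backup.example.com")
    order = [primary, backup]
    timeline = []
    for phase, primary_up in (("normal", True), ("outage", False),
                              ("outage", False), ("recovered", True)):
        primary.up = primary_up
        timeline.append((phase, *lookup(order, timeout_ms)))
    return timeline


if __name__ == "__main__":
    for phase, server, ms in simulate():
        print(f"{phase:<10} answered by {server} after {ms} ms")
```

In this model the second outage request is just as slow as the first, because nothing remembers that the primary was down; that per-request delay is what a shorter timeout or a restored primary removes.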