Security

Hello,

We have a Controller with ClearPass and we use the protocol 802.1x for authentication issue with LDAP you may not make the ClearPass frequently queries the LDAP and cache is generated for a certain time, there is that option?

Thanks for your help.

Regards.

HC 

It does not look up LDAP for AD group membership for X seconds.

It is located in configuration> Authentication> Sources.  Click on your Authentication Source and then General to see the Cache timeout:

In the lower right hand corner of that same screen is a clear cache button:

The reason for that cache is that some LDAP servers cannot keep up with tons of authentications a second, so doing a lookup for a group membership constantly can slow down regular authentications.  When it does an authentication, it will cache the group memberships for X seconds, which prevents another group lookup.  It will check the authenticaton for the password, every time, however.  If you are doing testing and changing AD group memberships, you can click on clear cache to test if the user is getting the correct LDAP group membership.

Thanks for your help 

One Question? The maximum cache how long is it? right now I have it set for 10 hours 36000 seconds which is maximum time that could define ?

Regards