Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass Active Directory Source

  • 1.  ClearPass Active Directory Source

    Posted Apr 15, 2019 05:08 AM

    Hi

     

    ClearPass 6.7.9 is running with an Active Directory source with one primary domain controller and one backup domain controller.

    The domain controllers are named with FQDN in the respective configuration tabs.

     

    I have noticed that ClearPass sends Secure LDAP requests to both domain controllers.

    Is this the normal behavior to load balance LDAP requests?

     

    In previous versions I think the primary has taken all the load until it became unavailable.

     

    What is the expected behaviour and has this changed with any version upgrade?



  • 2.  RE: ClearPass Active Directory Source
    Best Answer

    Posted Apr 15, 2019 06:04 AM
    The backup LDAP server will only be used as a backup LDAP server. The FQDN contains only the IP address of one of the domain controllers?
    In version 6.7.4 there was a new feature added that will log a message when an LDAP server is not available. Maybe this will also do a health check, but I don't think this is the case.

    The only way to load balance the LDAP request is to use a load balancer (maybe DNS round robin is also working).


  • 3.  RE: ClearPass Active Directory Source

    Posted Apr 15, 2019 07:18 AM

    Interesting, the messages in the Event Log were the reason I started to look into this. At the moment I can see traffic from ClearPass to both configured domain controllers, and that made me a bit confused.

     

    Thank you for the information!