Frequent Contributor I

ClearPass Active Directory Source



ClearPass 6.7.9 is running with an Active Directory source with one primary domain controller and one backup domain controller.

The domain controllers are named with FQDN in the respective configuration tabs.


I have noticed that ClearPass sends Secure LDAP requests to both domain controllers.

Is this the normal behavior to load balance LDAP requests?


In previous versions I think the primary has taken all the load until it became unavailable.


What is the expected behaviour, and has this changed with any version upgrade?

Best Regards
Jonas Hammarbäck | Aranya AB
Network Architect, ACMA, ACMP, ACCP
Super Contributor II

Re: ClearPass Active Directory Source

The backup LDAP server will only be used as a backup LDAP server. The FQDN contains only the IP address of one of the domain controllers?
In version 6.7.4 there was a new feature added that will log a message when an LDAP server is not available. Maybe this will also do a health check, but I don't think this is the case.

The only way to load balance the LDAP request is to use a load balancer (maybe DNS round robin is also working).

Willem Bargeman ACMX#935 | ACCX #822

Frequent Contributor I

Re: ClearPass Active Directory Source

Interesting, the messages in the Event Log were the reason I started to look into this. At the moment I can see traffic from ClearPass to both configured domain controllers, and that made me a bit confused.


Thank you for the information!

Best Regards
Jonas Hammarbäck | Aranya AB
Network Architect, ACMA, ACMP, ACCP