Re: Clearpass AD BIND

I am looking for information on the option in CPPM | Authentication Sources "Bind User" (Allow bind using user password)

Sometimes we have to enable and other times disabling it works. I would like to understand what this options is actually doing.

Highlighted

From the CPPM Help:

"Enable this checkbox to authenticate users by performing a bind operation on the directory using the credentials (user name and password) obtained during authentication. For clients to be authenticated by using the LDAP bind method, Policy Manager must receive the password in cleartext."

Please see the entry here: https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol#Bind_.28authenticate.29

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars

Colin, Thanks for the reply.

Just to be clear if the option is not checked it uses the Bind DN as the credientials but if the option is checked then it uses the credientials supplied to do the bind?

That is the way I understand it,, yes.

If you allow the actual credentials of the authenticating to be used, and the user does not have the rights (Novell LDAP makes this a possibility) to obtain his/her own groups, for example, it could make your policy evaluation fail. Best practice, you should maintain a dedicated user to do this so that you have consistent results.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars

Security

Clearpass AD BIND