Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass AD BIND

  • 1.  Clearpass AD BIND

    Posted Mar 27, 2015 03:20 PM

    I am looking for information on the option in CPPM | Authentication Sources "Bind User" (Allow bind using user password).

    Sometimes we have to enable it and other times disabling it works. I would like to understand what this option is actually doing.



  • 2.  RE: Clearpass AD BIND

    EMPLOYEE
    Posted Mar 27, 2015 06:32 PM

    From the CPPM Help:

     

    "Enable this checkbox to authenticate users by performing a bind operation on the directory using the credentials (user name and password) obtained during authentication. For clients to be authenticated by using the LDAP bind method, Policy Manager must receive the password in cleartext."

     

    Please see the entry here:  https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol#Bind_.28authenticate.29



  • 3.  RE: Clearpass AD BIND

    Posted Mar 30, 2015 07:07 AM

    Colin,  Thanks for the reply. 

    Just to be clear, if the option is not checked it uses the Bind DN as the credentials, but if the option is checked then it uses the credentials supplied to do the bind?

     



  • 4.  RE: Clearpass AD BIND
    Best Answer

    EMPLOYEE
    Posted Mar 30, 2015 07:39 AM

    That is the way I understand it, yes.

     

    If you allow the actual credentials of the authenticating user to be used, and the user does not have the rights (Novell LDAP makes this a possibility) to obtain his/her own groups, for example, it could make your policy evaluation fail. Best practice, you should maintain a dedicated user to do this so that you have consistent results.