Administrator Guide

Primary Page
Figure 150 Primary Page: Generic LDAP Authentication Database
Table 34: Primary Parameters for an LDAP Authentication Source
Parameter Action/Description
Hostname
1. Enter the name or IP address of the LDAP server you’re going to use for
authentication.
Note that most domain controllers are also LDAP servers. W-ClearPass uses LDAP to
talk to the domain controller.
Connection Security
2. Set Connection Security to: LDAP over SSL.
This enables the secure sockets layer (SSL) cryptographic protocol to connect to your
Active Directory. Selecting LDAP over SSL automatically populates the Port field to
636.
NOTE: In a production environment, security is a concern: when W-ClearPass binds to
an LDAP server, it submits the username and password for that account over the
network in clear text unless you protect the connection using Connection Security and
set the port to 636.
NOTE: To ensure successful authentication, be sure to add the CA certificate of the
LDAP server to the Certificate Trust List. For more information, refer to Importing the
Root CA Files to the Certificate Trust List.
Port
3. Specify the TCP port at which the LDAP server is listening for connections.
For a single domain LDAP Domain Service:
- Default port for LDAP: 389
- Default port for LDAP over SSL: 636
When you set the Connection Security field to AD over SSL, this port is automatically
set to 636.
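
The clear-text exposure described in the Connection Security note, shown as an added example that is not part of the original guide: it encodes an LDAPv3 simple BindRequest (RFC 4511) and checks that the password sits unmodified in the bytes sent to port 389. With LDAP over SSL on port 636, the same bytes travel inside the TLS session. The bind DN and password are constructed sample values.

```python
# Added example: BER encoding of an LDAPv3 simple BindRequest (RFC 4511).
# The bind DN and password below are constructed sample values.

def ber_len(n: int) -> bytes:
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value

def simple_bind_request(message_id: int, bind_dn: str, password: str) -> bytes:
    """Bytes a client sends for a simple bind when no TLS wraps the socket."""
    bind = (
        tlv(0x02, bytes([3]))                   # version INTEGER 3
        + tlv(0x04, bind_dn.encode("utf-8"))    # name (bind DN) OCTET STRING
        + tlv(0x80, password.encode("utf-8"))   # simple [0]: the password itself
    )
    # messageID is a signed INTEGER, so leave room for the sign bit.
    msg_id = message_id.to_bytes((message_id.bit_length() + 8) // 8, "big")
    # LDAPMessage SEQUENCE { messageID, [APPLICATION 0] BindRequest }
    return tlv(0x30, tlv(0x02, msg_id) + tlv(0x60, bind))

def password_visible_on_wire(frame: bytes, password: str) -> bool:
    """True if a passive observer of `frame` can read the password as-is."""
    return password.encode("utf-8") in frame

SAMPLE_DN = "cn=clearpass-bind,ou=service,dc=example,dc=com"  # constructed
SAMPLE_PW = "Constructed-Passw0rd"                            # constructed
FRAME = simple_bind_request(1, SAMPLE_DN, SAMPLE_PW)

if __name__ == "__main__":
    print(FRAME.hex(" "))
    print("password readable without Connection Security:",
          password_visible_on_wire(FRAME, SAMPLE_PW))
```
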
Dell Networking W-ClearPass Deployment Guide Preparing W-ClearPass for LDAP and SQL Authentication Sources | 181