Cisco Email Security Appliance C170 Operating Instructions
Cisco IronPort AsyncOS 7.6 for Email Advanced Configuration Guide
OL-25137-01
Chapter 3 LDAP Queries
Configuring AsyncOS To Work With Multiple LDAP Servers
When you configure an LDAP profile, you can configure the Cisco IronPort appliance to connect to a
list of multiple LDAP servers. To use multiple LDAP servers, you must configure the LDAP servers to
contain the same information, use the same structure, and use the same authentication information.
(Third-party products exist that can consolidate the records.)
When you configure the Cisco IronPort appliance to connect to redundant LDAP servers, you can
configure the LDAP configuration for failover or load balancing.
You can use multiple LDAP servers to achieve the following results:
• Failover. When you configure the LDAP profile for failover, the Cisco IronPort appliance fails over
to the next LDAP server in the list if it cannot connect to the first LDAP server.
• Load Balancing. When you configure the LDAP profile for load balancing, the Cisco IronPort
appliance distributes connections across the list of LDAP servers when it performs LDAP queries.
You can configure redundant LDAP servers from the System Administration > LDAP page or from the
CLI ldapconfig command.
Testing Servers and Queries
Use the Test Server(s) button on the Add (or Edit) LDAP Server Profile page (or the test subcommand
in the CLI) to test the connection to an LDAP server. If you use multiple LDAP servers, AsyncOS tests
each server and displays individual results for each server. AsyncOS will also test the query on each
LDAP server and display the individual results.
Failover
To ensure that LDAP queries are resolved, you can configure your LDAP profile for failover.
The appliance attempts to connect to the first server in the list of LDAP servers for a specified period of
time. If the Cisco IronPort appliance cannot connect to the first LDAP server in the list, the appliance
attempts to connect to the next LDAP server in the list. By default, the appliance always attempts to
connect to the first server in the list, and it attempts to connect to each subsequent server in the order
they are listed. To ensure that the Cisco IronPort appliance connects to your primary LDAP server by
default, ensure that you enter it as the first server in your list of LDAP servers.
If the Cisco IronPort appliance connects to a second or subsequent LDAP server, it remains connected
to that server until it reaches a timeout period. After it reaches the timeout, it attempts to reconnect to
the first server in the list.
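The failover and failback behaviour described above, modelled as an added Python example (not Cisco's code and not part of the original guide). The class name, hostnames and the 180-second timeout are assumptions, and the guide's connection-attempt period is abstracted into a can_connect callback.

```python
import time


class FailoverSelector:
    """Model of ordered LDAP failover with failback to the first server."""

    def __init__(self, servers, failback_timeout, can_connect, clock=time.monotonic):
        self.servers = list(servers)          # order matters: primary first
        self.failback_timeout = failback_timeout
        self.can_connect = can_connect        # callable(server) -> bool
        self.clock = clock
        self.current = self.since = None      # connected server index, connect time

    def _connect_in_order(self):
        # Walk the list from the top; the first reachable server wins.
        for index, server in enumerate(self.servers):
            if self.can_connect(server):
                self.current, self.since = index, self.clock()
                return server
        self.current = self.since = None
        raise ConnectionError("no LDAP server in the profile is reachable")

    def server_for_query(self):
        if self.current is None:
            return self._connect_in_order()
        on_secondary = self.current > 0
        expired = self.clock() - self.since >= self.failback_timeout
        if on_secondary and expired:
            # Timeout reached on a fallback server: start again at the primary.
            return self._connect_in_order()
        server = self.servers[self.current]
        if not self.can_connect(server):
            # Current server went away: fail over in list order.
            return self._connect_in_order()
        return server


def demo():
    # Constructed scenario: hostnames and the 180 s timeout are made up.
    now = [0.0]
    up = {"ldap1.example.com": False, "ldap2.example.com": True}
    sel = FailoverSelector(list(up), 180, lambda s: up[s], clock=lambda: now[0])
    trace = [sel.server_for_query()]          # primary down -> ldap2
    up["ldap1.example.com"] = True
    now[0] = 60
    trace.append(sel.server_for_query())      # still within timeout -> ldap2
    now[0] = 180
    trace.append(sel.server_for_query())      # timeout reached -> back to ldap1
    return trace
```

The second query in the trace shows the practical consequence of the timeout: a recovered primary is not used again until the failback period has elapsed, so queries keep hitting the secondary in the meantime.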
Configuring the Cisco IronPort Appliance for LDAP Failover
To configure the Cisco IronPort appliance for LDAP failover, complete the following steps in the GUI:
Step 1 From System Administration > LDAP, select the LDAP server profile you want to edit.