Cisco Content Security Management Appliance M390 User Guide
Cisco IronPort AsyncOS 7.2.0 for Security Management User Guide
OL-21768-01
Chapter 9 LDAP Queries
• Failover. If the Cisco IronPort appliance cannot connect to an LDAP server, it connects to the next server in the list.
• Load Balancing. The Cisco IronPort appliance distributes connections across the list of LDAP servers when it performs LDAP queries.
You can configure redundant LDAP servers on the Management Appliance > System Administration > LDAP page or by using the CLI ldapconfig command.
Testing Servers and Queries
Use the Test Server(s) button on the Add (or Edit) LDAP Server Profile page (or the test subcommand in the CLI) to test the connection to an LDAP server. If you use multiple LDAP servers, AsyncOS tests each server and displays individual results for each server. AsyncOS will also test the query on each LDAP server and display the individual results.
Failover
To ensure that an LDAP server is available to resolve queries, you can configure the LDAP profile for failover.
The Cisco IronPort appliance attempts to connect to the first server in the list of LDAP servers for a specified period of time. If the appliance cannot connect to the first LDAP server in the list, the appliance attempts to connect to the next LDAP server in the list. To ensure that the Cisco IronPort appliance connects to the primary LDAP server by default, enter it as the first server in the list of LDAP servers.
If the Cisco IronPort appliance connects to a second or subsequent LDAP server, it remains connected to that server for a specified period of time. At the end of this period, the appliance attempts to reconnect to the first server in the list.
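A small model of the failover and fail-back behavior described above, added here as an illustration and not taken from AsyncOS or Cisco code. The class name, the probe callback, the 300-second hold period, the example.com hostnames, and the choice to rescan from the top of the list when the current server drops are all assumptions.

```python
import time


class FailoverSelector:
    """Model of ordered LDAP failover with timed fail-back to the first server."""

    def __init__(self, servers, try_connect, failback_after=300.0, clock=time.monotonic):
        if not servers:
            raise ValueError("at least one LDAP server is required")
        self.servers = list(servers)          # index 0 is the primary
        self.try_connect = try_connect        # hypothetical probe: callable(server) -> bool
        self.failback_after = failback_after  # assumed value; the guide gives no number
        self.clock = clock                    # injectable so the timing can be tested
        self.current = None                   # index of the server in use
        self.since = None                     # time we attached to the current server

    def _scan(self):
        """Walk the list in order and attach to the first server that answers."""
        for i, server in enumerate(self.servers):
            if self.try_connect(server):
                self.current, self.since = i, self.clock()
                return server
        self.current = self.since = None
        raise ConnectionError("no LDAP server in the list is reachable")

    def select(self):
        """Return the server the next query should use."""
        if self.current is None:
            return self._scan()
        on_secondary = self.current > 0
        if on_secondary and self.clock() - self.since >= self.failback_after:
            return self._scan()               # hold period over: retry the first server
        if self.try_connect(self.servers[self.current]):
            return self.servers[self.current]
        return self._scan()                   # assumption: current server lost, rescan


def demo():
    """Constructed scenario: primary is down, then recovers while on the secondary."""
    now = [0.0]
    up = {"ldap1.example.com": False, "ldap2.example.com": True}
    sel = FailoverSelector(list(up), lambda s: up[s], clock=lambda: now[0])
    picks = [sel.select()]                    # primary down, so the second server is used
    up["ldap1.example.com"] = True
    now[0] = 100.0
    picks.append(sel.select())                # hold period not over: stay on the second
    now[0] = 300.0
    picks.append(sel.select())                # hold period over: back to the first
    return picks
```

The second pick shows why a recovered primary is not used immediately: queries keep going to the secondary until the hold period ends, which matters when the secondary is a replica with stale group or account data.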
Configuring the Cisco IronPort Appliance for LDAP Failover
To configure the Cisco IronPort appliance for LDAP failover, perform the following: