Cisco Cisco Email Security Appliance C190 Guia Do Utilizador
26-47
Cisco AsyncOS 9.5 for Email User Guide
Chapter 26 LDAP Queries
Identifying a Sender’s User Distinguished Name for RSA Enterprise Manager
When you configure the appliance to connect to redundant LDAP servers, you can configure the LDAP
configuration for failover or load balancing.
configuration for failover or load balancing.
You can use multiple LDAP servers to achieve the following results:
•
Failover. When you configure the LDAP profile for failover, the appliance fails over to the next
LDAP server in the list if it cannot connect to the first LDAP server.
LDAP server in the list if it cannot connect to the first LDAP server.
•
Load Balancing. When you configure the LDAP profile for load balancing, the appliance
distributes connections across the list of LDAP servers when it performs LDAP queries.
distributes connections across the list of LDAP servers when it performs LDAP queries.
You can configure redundant LDAP servers from the System Administration > LDAP page or from the
CLI
CLI
ldapconfig
command.
Testing Servers and Queries
Use the Test Server(s) button on the Add (or Edit) LDAP Server Profile page (or the
test
subcommand
in the CLI) to test the connection to an LDAP server. If you use multiple LDAP servers, AsyncOS tests
each server and displays individual results for each server. AsyncOS will also test the query on each
LDAP server and display the individual results.
each server and displays individual results for each server. AsyncOS will also test the query on each
LDAP server and display the individual results.
Failover
To ensure that LDAP queries are resolved, you can configure your LDAP profile for failover.
The appliance attempts to connect to the first server in the list of LDAP servers for a specified period of
time. If the appliance cannot connect to the first LDAP server in the list, the appliance attempts to
connect to the next LDAP server in the list. By default, the appliance always attempts to connect to the
first server in the list, and it attempts to connect to each subsequent server in the order they are listed.
To ensure that the appliance connects to your primary LDAP server by default, ensure that you enter it
as the first server in your list of LDAP servers.
time. If the appliance cannot connect to the first LDAP server in the list, the appliance attempts to
connect to the next LDAP server in the list. By default, the appliance always attempts to connect to the
first server in the list, and it attempts to connect to each subsequent server in the order they are listed.
To ensure that the appliance connects to your primary LDAP server by default, ensure that you enter it
as the first server in your list of LDAP servers.
If the appliance connects to a second or subsequent LDAP server, it remains connected to that server
until it reaches a timeout period. After it reaches the timeout, it attempts to reconnect to the first server
in the list.
until it reaches a timeout period. After it reaches the timeout, it attempts to reconnect to the first server
in the list.
Related Topics
•
Configuring the Appliance for LDAP Failover
To configure the appliance for LDAP failover, complete the following steps in the GUI:
Procedure
Step 1
From System Administration > LDAP, select the LDAP server profile you want to edit.