User Guide for Cisco Content Security Management Appliance M160

AsyncOS 9.6 for Cisco Content Security Management Appliances User Guide
 
Chapter 11      Integrating with LDAP
  Configuring AsyncOS to Work With Multiple LDAP Servers
You can configure redundant LDAP servers on the Management Appliance > System Administration > LDAP page or by using the CLI ldapconfig command.
Testing Servers and Queries
Use the Test Server(s) button on the Add (or Edit) LDAP Server Profile page (or the test subcommand in the CLI) to test the connection to an LDAP server. If you use multiple LDAP servers, AsyncOS tests each server and displays individual results for each server. AsyncOS will also test the query on each LDAP server and display the individual results.
Failover
To ensure that an LDAP server is available to resolve queries, you can configure the LDAP profile for failover. If the connection to the LDAP server fails, or the query returns an error for which it is appropriate to do so, the appliance attempts to query the next LDAP server specified in the list.
The Cisco Content Security appliance attempts to connect to the first server in the list of LDAP servers 
for a specified period of time. If the appliance cannot connect to the first LDAP server in the list, or the 
query returns an error, the appliance attempts to connect to the next LDAP server in the list. By default, 
the appliance always attempts to connect to the first server in the list, and it attempts to connect to each 
subsequent server in the order they are listed. To ensure that the Cisco Content Security appliance 
connects to the primary LDAP server by default, enter it as the first server in the list of LDAP servers. 
Note: Only attempts to query a specified LDAP server fail over. Attempts to query referral or continuation servers associated with the specified LDAP server do not fail over.
If the Cisco Content Security appliance connects to a second or subsequent LDAP server, it remains 
connected to that server for a specified period of time. At the end of this period, the appliance attempts 
to reconnect to the first server in the list. 
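
The failover order described above, modelled as an added Python example (it is not Cisco's code and does not show AsyncOS internals). The class name, the fallback_after parameter standing in for the "specified period of time", the hostnames, and the reset to the first server after every listed server fails are assumptions.

```python
import time

class RetryableLDAPError(Exception):
    """Connection failure, or a query error for which failover is appropriate."""

class FailoverProfile:
    def __init__(self, servers, fallback_after=300.0, clock=time.monotonic):
        self.servers = list(servers)          # index 0 is the primary server
        self.fallback_after = fallback_after  # assumed name for the hold period
        self.clock = clock
        self._use(0)

    def _use(self, idx):
        self.current, self.since = idx, self.clock()

    def query(self, run):
        """run(server) returns a result or raises RetryableLDAPError."""
        # Once the hold period on a secondary has elapsed, retry the first server.
        if self.current != 0 and self.clock() - self.since >= self.fallback_after:
            self._use(0)
        # Try the current server, then each subsequent one in listed order.
        for idx in range(self.current, len(self.servers)):
            try:
                result = run(self.servers[idx])
            except RetryableLDAPError:
                continue
            if idx != self.current:
                self._use(idx)                # stay here for the hold period
            return self.servers[idx], result
        self._use(0)                          # assumption: start over at the primary
        raise RetryableLDAPError("no listed LDAP server answered")

def demo():
    """Constructed scenario: primary is down, then recovers during the hold period."""
    now, down = [0.0], {"ldap1.example.com"}

    def run(server):
        if server in down:
            raise RetryableLDAPError(server)
        return "ok"

    profile = FailoverProfile(["ldap1.example.com", "ldap2.example.com"],
                              fallback_after=300, clock=lambda: now[0])
    used = [profile.query(run)[0]]            # primary down: fails over
    down.clear()                              # primary comes back
    now[0] = 100.0
    used.append(profile.query(run)[0])        # hold period not over: stays on secondary
    now[0] = 400.0
    used.append(profile.query(run)[0])        # hold period over: back to primary
    return used
```

The second result is the one to watch operationally: a recovered primary is not used again until the hold period ends, so directory changes made only on the primary may not be visible to the appliance in that window.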
Configuring the Cisco Content Security Appliance for LDAP Failover
Procedure 
Step 1  On the Security Management appliance, choose Management Appliance > System Administration > LDAP.
Step 2  Select the LDAP server profile you want to edit.
In the following example, the LDAP server name is example.com.