Cisco Cisco Email Security Appliance X1050 信息指南

Contributed by John Yu and Enrico Werner, Cisco TAC Engineers.
Jul 17, 2014

Is there a way to provide for failover or load balancing of LDAP servers?

The Cisco ESA can be configured to provide failover of multiple LDAP in load balance and fail over mode.
Below is an example showing how to add multiple LDAP server entries on the ESA using the ldapconfig
command from the CLI. When prompted for the hostname, you can enter several hosts, separated by commas:

mail.example.com> ldapconfig

No LDAP server configurations.

Choose the operation you want to perform:

− NEW − Create a new server configuration.

[]> new

Please create a name for this server configuration (Ex: "PublicLDAP"):

[]> PublicLDAP2

Please enter the hostname:

[]> ldap1.example.com, ldap2.example.com, ldap3.example.com

Use SSL to connect to the LDAP server? [N]>

Please enter the port number:

[389]>

Please enter the base or enter 'NONE':

[dc=example,dc=com]>

Select the authentication method to use for this server configuration:

1. Anonymous

2. Password based

[1]>

Name: ldapservers

Hostname: ldap1.example.com,ldap2.example.com,ldap3.example.com Port 389

Authentication Type: anonymous

Base:dc=example,dc=com

Choose the operation you want to perform:

− SERVER − Change the server for the query.

− LDAPACCEPT − Configure whether a recipient address should be accepted or

bounced/dropped.

− LDAPROUTING − Configure message routing.

− MASQUERADE − Configure domain masquerading.

− LDAPGROUP − Configure whether a sender or recipient is in a specified group.

− SMTPAUTH − Configure SMTP authentication.

[]>

Current LDAP server configurations:

1. ldapservers:(ldap1.example.com,ldap2.example.com,ldap3.example.com:389)

Choose the operation you want to perform:

− NEW − Create a new server configuration.