LDAP Failover Issue

nkull_ironport · ‎03-06-2009

Ok, this is driving me nuts... I have multiple LDAP servers (windows server 2003 AD Domain Controllers) --- I have set them BOTH up in the ironport with failover configuration ---

10.x.x.50,10.x.x.51

(x) failover

In this configuration, I can do LDAP queries just fine, however if the .50 server goes down the LDAP queries fail, they never roll over to .51

Same in reverse, I enter .51 first and then .50 and it works fine until I take .51 offline

I have also attempted to just put the AD name (domain.ext) in place there, and it works until I take one of the servers down.

Any suggestions?

mychrislo_ironport · ‎03-07-2009

i use a load balancer and it will not redirect traffic to the failed server...
a solution that may not fit you.

Rayman_Jr · ‎03-11-2009

We are using two Domino LDAPs and three ADs. Both Domino and AD lookups are failing over just fine. (C600 AsyncOS 6.4)

Have you tried to enable LDAP debugging logs ? Maybe those can show you what's going wrong.

Jason Meyer · ‎03-16-2009

I use the load ballancing option and the only problem I've had is when the account IronPort was using to authenticate to the servers had the password expire. Rather than allow the mail in as I expected it to work. (I have allow main in if LDAP server is unavailable), IronPort began bouncing all mail. This was quickly resolved by resetting the password and setting it to not expire but was unexpected.