How does ACS 5.0 check LDAP health?

Feb 21st, 2010

LDAP servers sit behind Load Balancers.

Primary and Secondary LDAP servers are defined as Load Balancer VIPs.

ACS not failing over to secondary LDAP server (VIP) ???

When disabling the connection to the primary LDAP servers, I am still able to make a connection on port 636 from ACS to the load balancer.

I'd just like to confirm how ACS checks LDAP health so I can confirm whether this is an ACS or a load balancer issue.


Gennady Yakubovich (Cisco Employee), Tue, 03/02/2010 - 13:18

Hi Brad.

If your LDAP servers are behind a load balancer, then this device takes care of availability and failover. ACS "sees" just one virtual IP. The load balancer, in turn, may use special "keep-alive" packets on a specified port in order to check the LDAP servers' availability and latency.

If you see no failover on your LDAP servers which are behind the LB, please check the load balancer configuration first.

P.S. ACS uses no special "keep alive" - you just configure two LDAP servers, and internal logic switches from the first to the second after a timeout.
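
A way to tell "the VIP accepts TCP on 636" apart from "an LDAP server behind it actually answers", which is the distinction this thread turns on. This is an added example, not part of the original thread and not Cisco or ACS code; the function name `probe_ldap`, its state labels and the timeout values are assumptions made for illustration.

```python
import socket
import ssl

# LDAPv3 anonymous simple bind request (BER): messageID=1, version=3,
# empty DN, empty password. Sent only to provoke a BindResponse.
ANON_BIND = bytes.fromhex("300c020101600702010304008000")


def probe_ldap(host, port=636, timeout=5.0, use_tls=True, verify=True):
    """Hypothetical helper. Returns one of: 'refused', 'tcp-timeout',
    'unreachable', 'tls-failed', 'silent', 'closed', 'unexpected', 'answered'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"        # nothing listening: a client sees this at once
    except (socket.timeout, TimeoutError):
        return "tcp-timeout"    # SYN dropped: a client sees its timeout expire
    except OSError:
        return "unreachable"
    conn = sock
    try:
        if use_tls:
            ctx = ssl.create_default_context()
            if not verify:      # lab use only, e.g. a VIP with a private CA
                ctx.check_hostname = False
                ctx.verify_mode = ssl.CERT_NONE
            conn = ctx.wrap_socket(sock, server_hostname=host)
        conn.sendall(ANON_BIND)
        reply = conn.recv(64)
    except ssl.SSLError:
        return "tls-failed"
    except (socket.timeout, TimeoutError):
        return "silent"         # TCP accepted by the VIP, but no LDAP answer
    except OSError:
        return "closed"
    finally:
        conn.close()
    if not reply:
        return "closed"         # VIP accepted, then dropped the session
    # 0x30 = LDAPMessage SEQUENCE, 0x61 = BindResponse. Any result code,
    # success or not, proves a directory server processed the request.
    if reply[:1] == b"\x30" and b"\x61" in reply[:8]:
        return "answered"
    return "unexpected"
```

Run against each VIP with the primary LDAP servers disabled, a result of `silent` or `closed` shows the load balancer still accepting connections with no working server behind it, while `refused` or `tcp-timeout` shows the VIP itself going down.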

