How does ACS 5.0 check LDAP health?

bradp.johnson
Level 1

LDAP servers sit behind Load Balancers.

Primary and Secondary LDAP servers are defined as Load Balancer VIPs.

ACS not failing over to secondary LDAP server (VIP) ???

When disabling connection to primary LDAP servers, still able to make connection on port 636 from ACS to Load Balancer.

Just like to confirm how ACS checks LDAP health so I can confirm whether ACS or load balancer issue.

Thanks.

1 Reply

Gennady Yakubovich
Cisco Employee

Hi Brad.

If your LDAPs are behind a load balancer, this device takes care of availability and failover. ACS "sees" just one virtual IP. The load balancer, in turn, may use special "keep-alive" packets on a specified port in order to check the LDAPs' availability and latency.

If you see no failover on your LDAP servers which are behind the LB, please check the load balancer configuration first.

P.S. ACS uses no special "keep alive" - you just configure two LDAP servers, and internal logic switches from the first to the second after a timeout.
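The question notes that port 636 on the VIP still accepts connections with the primary LDAP servers disabled. The following diagnostic is an added example, not code from either poster or from Cisco, and it does not reproduce ACS internals: it separates "the VIP completes a TCP connection" from "an LDAP server actually answers a bind". The names `probe_ldap`, `fake_vip` and `demo` are hypothetical, and the local listeners are constructed stand-ins for a VIP.

```python
import socket, ssl, threading, time

# Anonymous simple BindRequest / success BindResponse, messageID 1 (BER, RFC 4511).
BIND_REQ = bytes.fromhex("300c020101600702010304008000")
BIND_RESP = bytes.fromhex("300c02010161070a010004000400")

def probe_ldap(host, port, timeout=3.0, use_tls=True):
    """Classify an LDAP endpoint as 'refused', 'tcp_only' or 'ldap_ok'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "refused"              # no listener or unreachable
    try:
        if use_tls:                   # LDAPS on 636: TLS handshake comes first
            ctx = ssl.create_default_context()
            sock = ctx.wrap_socket(sock, server_hostname=host)
        sock.sendall(BIND_REQ)
        resp = sock.recv(64)
    except OSError:                   # timeout, reset or TLS failure after connect
        return "tcp_only"
    finally:
        sock.close()
    # Short-form BER lengths assumed: SEQUENCE tag, then BindResponse tag 0x61.
    ok = resp[:1] == b"\x30" and resp[5:6] == b"\x61"
    return "ldap_ok" if ok else "tcp_only"

def fake_vip(reply):
    """Constructed local listener: accepts TCP, then sends reply or stays silent."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        conn.recv(64)
        if reply:
            conn.sendall(reply)
        time.sleep(1.0)               # keep the connection open like an idle VIP
        conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv

def demo():
    silent, healthy, closed = fake_vip(None), fake_vip(BIND_RESP), socket.socket()
    closed.bind(("127.0.0.1", 0))
    ports = {"dead": closed.getsockname()[1], "silent": silent.getsockname()[1],
             "healthy": healthy.getsockname()[1]}
    closed.close()                    # port now refuses connections
    return {k: probe_ldap("127.0.0.1", p, 0.5, use_tls=False) for k, p in ports.items()}

if __name__ == "__main__":
    print(demo())
```

Against a real LDAPS VIP on port 636, call `probe_ldap` with the default `use_tls=True`; a `tcp_only` result while the backends are disabled means the VIP is still accepting connections with no LDAP server answering behind it.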
