ACS 5.1 LDAP Bind and open connections timout.

Unanswered Question
May 3rd, 2010
User Badges:

I need to qualify the new Cisco ACS 5.1 for use with LDAP.  The questionaire is asking for the following:  Can not answer using the ACS5.1 admin guide:

1. Does the ACS app unbind after each bind. ?

2. Describe how long bind connections are left open:

Using for simple user authentication via ACS to LDAP identity store.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jatin Katyal Sun, 05/16/2010 - 01:35
User Badges:
  • Cisco Employee,

-- ACS 5.1 supports multiple concurrent LDAP connections. Connections are opened on demand at the time of the first LDAP authentication. The maximum number of connections is configured for each LDAP server. Opening connections in advance shortens the authentication time. You can set the maximum number of connections to use for concurrent binding connections. The number of opened connections can be different for each LDAP server (primary or secondary) and is determined according to the maximum number of administration connections configured for each server.

ACS retains a list of open LDAP connections (including the bind information) for each LDAP server that is configured in ACS. During the authentication process, the connection manager attempts to find an open connection from the pool. If an open connection does not exist, a new one is opened.

If the LDAP server closed the connection, the connection manager reports an error during the first call to search the directory, and tries to renew the connection.

After the authentication process is complete, the connection manager releases the connection to the connection manager.

For more info, you may view:

-- The bind timeout period can be set with the LDAP_OPT_TIMELIMIT session option. If this option is not set on a connection, the LDAP client uses a default timeout value of 120 seconds (2 minutes).



Do rate helpful posts-


This Discussion