Cisco Support Community

New Member

ACS 5.1 LDAP Bind and open connections timeout.

I need to qualify the new Cisco ACS 5.1 for use with LDAP. The questionnaire is asking for the following, which I cannot answer using the ACS 5.1 admin guide:

1. Does the ACS app unbind after each bind?

2. Describe how long bind connections are left open.

Using for simple user authentication via ACS to the LDAP identity store.

1 REPLY
Cisco Employee

Re: ACS 5.1 LDAP Bind and open connections timeout.

-- ACS 5.1 supports multiple concurrent LDAP connections. Connections are opened on demand at the time of the first LDAP authentication. The maximum number of connections is configured for each LDAP server. Opening connections in advance shortens the authentication time. You can set the maximum number of connections to use for concurrent binding connections. The number of opened connections can be different for each LDAP server (primary or secondary) and is determined according to the maximum number of administration connections configured for each server.


ACS retains a list of open LDAP connections (including the bind information) for each LDAP server that is configured in ACS. During the authentication process, the connection manager attempts to find an open connection from the pool. If an open connection does not exist, a new one is opened.

If the LDAP server closed the connection, the connection manager reports an error during the first call to search the directory, and tries to renew the connection.


After the authentication process is complete, the connection manager releases the connection to the connection manager.


For more info, you may view:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/users_id_stores.html#wp1053150



-- The bind timeout period can be set with the LDAP_OPT_TIMELIMIT session option. If this option is not set on a connection, the LDAP client uses a default timeout value of 120 seconds (2 minutes).


Regds,

JK


~BR Jatin Katyal **Do rate helpful posts**
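The reply above describes pooling semantics rather than a bind/unbind per authentication: connections are opened on demand up to a per-server maximum, kept bound and reused, an error is raised on the first search if the server has dropped the link, and the connection is then renewed. The following is an added example (not Cisco code, and not how ACS is implemented internally) that models exactly those rules so the answers to the two questionnaire items can be observed: an unbind happens only when a dead connection is renewed or the pool is torn down, not after each bind. FakeLdapConnection, the server name, the DNs and the 120-second bind timeout constant are constructed assumptions so the example runs offline.

```python
"""Pooled LDAP connection manager modelled on the behaviour described in the
reply: open on demand, cap per server, reuse bound connections, renew when the
server has closed one. Added example, not Cisco/ACS code."""
from collections import deque
import threading

DEFAULT_BIND_TIMEOUT = 120  # seconds: the default bind timeout the reply cites (assumption)


class ServerClosedConnection(Exception):
    """A directory operation found that the server side already dropped the link."""


class FakeLdapConnection:
    """Constructed stand-in for a bound LDAP client connection (no network).

    Counts binds and unbinds so pooling is observable, and can be put into a
    'server closed it' state to exercise the renewal path.
    """
    binds = 0
    unbinds = 0

    def __init__(self, server, bind_dn, bind_timeout):
        self.server = server
        self.bind_dn = bind_dn
        self.bind_timeout = bind_timeout
        self.alive = True
        FakeLdapConnection.binds += 1          # one bind per opened connection

    def search(self, base_dn, uid):
        if not self.alive:
            raise ServerClosedConnection(f"{self.server}: connection dropped by server")
        return [f"uid={uid},{base_dn}"]        # constructed search result

    def server_side_close(self):
        self.alive = False                     # simulate the server's idle timeout

    def unbind(self):
        self.alive = False
        FakeLdapConnection.unbinds += 1


class LdapConnectionManager:
    """Per-server pool: open on demand, cap at max_connections, reuse, renew on error."""

    def __init__(self, server, bind_dn, base_dn, max_connections=4,
                 bind_timeout=DEFAULT_BIND_TIMEOUT, factory=FakeLdapConnection):
        self.server = server
        self.bind_dn = bind_dn
        self.base_dn = base_dn
        self.max_connections = max_connections
        self.bind_timeout = bind_timeout
        self._factory = factory
        self._idle = deque()     # open, bound, not currently in use
        self._open = 0           # idle + in use
        self._lock = threading.Lock()
        self.renewals = 0

    def _open_connection(self):
        return self._factory(self.server, self.bind_dn, self.bind_timeout)

    def _acquire(self):
        with self._lock:
            if self._idle:
                return self._idle.popleft()            # reuse an existing bind
            if self._open >= self.max_connections:
                raise RuntimeError(f"{self.server}: all {self.max_connections} connections busy")
            self._open += 1
            return self._open_connection()             # open on demand, first use

    def _release(self, conn):
        with self._lock:
            self._idle.append(conn)                    # back to the pool, still bound

    def _renew(self, conn):
        conn.unbind()                                  # tear down the dead one
        self.renewals += 1
        return self._open_connection()                 # same slot, fresh bind

    def lookup_user(self, uid):
        """Search for a user on a pooled connection; renew and retry once if the server dropped it."""
        conn = self._acquire()
        try:
            try:
                return conn.search(self.base_dn, uid)
            except ServerClosedConnection:
                conn = self._renew(conn)               # error surfaces on first search, then renew
                return conn.search(self.base_dn, uid)
        finally:
            self._release(conn)

    def close_all(self):
        """Unbind every idle connection (e.g. at shutdown); the only other unbind is in _renew."""
        with self._lock:
            while self._idle:
                self._idle.popleft().unbind()
                self._open -= 1

    def open_connections(self):
        return self._open

    def idle_connections(self):
        return len(self._idle)


if __name__ == "__main__":
    mgr = LdapConnectionManager("ldap1.example.test", "cn=acs,ou=svc,dc=example,dc=test",
                                "ou=people,dc=example,dc=test", max_connections=2)
    print(mgr.lookup_user("alice"))
    print(mgr.lookup_user("bob"))                      # reuses the same bound connection
    print("binds:", FakeLdapConnection.binds, "open:", mgr.open_connections())
```

To verify the real product against the questionnaire rather than this model, watch the directory server's own connection log for BIND and UNBIND operations from the ACS address across several authentications; a pooled client shows one BIND per pooled connection followed by many searches, not a BIND/UNBIND pair per request.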