Cisco Support Community

New Member

How does ACS 5.0 check LDAP health?

LDAP servers sit behind Load Balancers.

Primary and Secondary LDAP servers are defined as Load Balancer VIPs.

ACS not failing over to secondary LDAP server (VIP) ???

When disabling connection to primary LDAP servers, still able to make connection on port 636 from ACS to Load Balancer.

Just like to confirm how ACS checks LDAP health so I can confirm whether ACS or load balancer issue.

Thanks.

1 REPLY
Cisco Employee

Re: How does ACS 5.0 check LDAP health?

Hi Brad.

If your LDAPs are behind a load balancer, this device takes care of availability and failover. ACS "sees" just one virtual IP. The load balancer, in turn, may use special "keep-alive" packets on a specified port in order to check LDAP availability and latency.

If you see no failover on your LDAP servers which are behind the LB, please check the load balancer configuration first.

P.S. ACS uses no special "keep alive" - you just configure two LDAP servers, and internal logic switches from the first to the second after a timeout.

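The symptom in the question (the VIP still accepts connections on port 636 after the primary LDAP servers are disabled) is the gap between a TCP-level probe and an LDAP-level probe. The sketch below is an added example, not Cisco or ACS code: two constructed loopback listeners stand in for a VIP with and without a live backend, all function names are hypothetical, and it speaks plain LDAP for brevity (for LDAPS on 636 the socket would be wrapped in TLS first).

```python
import socket
import threading

# Anonymous simple BindRequest (LDAPv3, messageID 1), BER-encoded.
BIND_REQ = bytes.fromhex("300c020101600702010304008000")
# BindResponse, resultCode success(0); sent by the constructed healthy listener.
BIND_OK = bytes.fromhex("300c02010161070a010004000400")

def start_listener(healthy):
    """Constructed stand-in for a VIP: always accepts TCP, answers LDAP only if healthy."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    held = []  # keep silent connections open, like a VIP with no live backend
    def serve():
        while True:
            conn, _ = srv.accept()
            if not healthy:
                held.append(conn)
                continue
            try:
                if conn.recv(64):
                    conn.sendall(BIND_OK)
            except OSError:
                pass
            finally:
                conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def tcp_check(host, port, timeout=1.0):
    """Layer-4 probe: passes whenever something completes the TCP handshake."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def ldap_check(host, port, timeout=1.0):
    """Layer-7 probe: passes only if a BindResponse with resultCode 0 comes back."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(BIND_REQ)
            resp = s.recv(64)
    except OSError:  # includes the read timeout
        return False
    # byte 5 = BindResponse tag (0x61); bytes 7..9 = ENUMERATED resultCode success
    return len(resp) >= 10 and resp[5] == 0x61 and resp[7:10] == b"\x0a\x01\x00"

def demo():
    """Return (tcp_check, ldap_check) results for a healthy and a silent listener."""
    ports = {"healthy": start_listener(True), "silent": start_listener(False)}
    return {n: (tcp_check("127.0.0.1", p), ldap_check("127.0.0.1", p, 0.5))
            for n, p in ports.items()}
```

Pointing the load balancer's health monitor at an LDAP-level check of this kind, and having it stop answering on the VIP when no backend passes, gives the client a failure it can time out on.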