Guest

Cisco Email Security Appliance

Is there a way to provide for failover or load balancing of LDAP servers?

Document ID: 117975

Updated: Jul 17, 2014

Contributed by John Yu and Enrico Werner, Cisco TAC Engineers.

   Print

Question

Is there a way to provide for failover or load balancing of LDAP servers?

The Cisco ESA can be configured to provide failover of multiple LDAP in load balance and fail over mode. Below is an example showing how to add multiple LDAP server entries on the ESA using the ldapconfig command from the CLI. When prompted for the hostname, you can enter several hosts, separated by commas:

mail.example.com> ldapconfig
No LDAP server configurations.

Choose the operation you want to perform:
- NEW - Create a new server configuration.
[]> new
Please create a name for this server configuration (Ex: "PublicLDAP"):
[]> PublicLDAP2
Please enter the hostname:
[]> ldap1.example.com, ldap2.example.com, ldap3.example.com
Use SSL to connect to the LDAP server? [N]>
Please enter the port number:
[389]>
Please enter the base or enter 'NONE':
[dc=example,dc=com]>
Select the authentication method to use for this server configuration:
1. Anonymous
2. Password based
[1]>

Name: ldapservers
Hostname: ldap1.example.com,ldap2.example.com,ldap3.example.com Port 389
Authentication Type: anonymous
Base:dc=example,dc=com

Choose the operation you want to perform:
- SERVER - Change the server for the query.
- LDAPACCEPT - Configure whether a recipient address should be accepted or
bounced/dropped.
- LDAPROUTING - Configure message routing.
- MASQUERADE - Configure domain masquerading.
- LDAPGROUP - Configure whether a sender or recipient is in a specified group.
- SMTPAUTH - Configure SMTP authentication.
[]>
Current LDAP server configurations:
1. ldapservers:(ldap1.example.com,ldap2.example.com,ldap3.example.com:389)

Choose the operation you want to perform:
- NEW - Create a new server configuration.
- EDIT - Modify a server configuration.
- DELETE - Remove a server configuration.
[]>
mail.example.com> commit
Updated: Jul 17, 2014
Document ID: 117975