Is there a way to provide for failover or load balancing of LDAP servers?
The Cisco ESA can be configured to use multiple LDAP servers in load-balancing and failover mode. The example below shows how to add multiple LDAP server entries on the ESA using the ldapconfig command from the CLI. When prompted for the hostname, you can enter several hosts, separated by commas:
mail.example.com> ldapconfig

No LDAP server configurations.

Choose the operation you want to perform:
- NEW - Create a new server configuration.
> new

Please create a name for this server configuration (Ex: "PublicLDAP"):
> PublicLDAP2

Please enter the hostname:
> ldap1.example.com, ldap2.example.com, ldap3.example.com

Use SSL to connect to the LDAP server? [N]>

Please enter the port number:
>

Please enter the base or enter 'NONE':
[dc=example,dc=com]>

Select the authentication method to use for this server configuration:
1. Anonymous
2. Password based
>

Name: ldapservers
Hostname: ldap1.example.com,ldap2.example.com,ldap3.example.com
Port 389
Authentication Type: anonymous
Base:dc=example,dc=com

Choose the operation you want to perform:
- SERVER - Change the server for the query.
- LDAPACCEPT - Configure whether a recipient address should be accepted or bounced/dropped.
- LDAPROUTING - Configure message routing.
- MASQUERADE - Configure domain masquerading.
- LDAPGROUP - Configure whether a sender or recipient is in a specified group.
- SMTPAUTH - Configure SMTP authentication.
>

Current LDAP server configurations:
1. ldapservers:(ldap1.example.com,ldap2.example.com,ldap3.example.com:389)

Choose the operation you want to perform:
- NEW - Create a new server configuration.
- EDIT - Modify a server configuration.
- DELETE - Remove a server configuration.
>

mail.example.com> commit
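To review a saved copy of the summary block that ldapconfig prints, the following added example (not Cisco code and not part of the original article) parses it and reports settings worth a second look: fewer than two hosts, the standard non-SSL port, and anonymous binds. The field layout is assumed from the summary shown in the session above; the function names are hypothetical.

```python
import re

# Constructed sample: the summary block from the session above, one field per line.
SAMPLE_SUMMARY = """\
Name: ldapservers
Hostname: ldap1.example.com,ldap2.example.com,ldap3.example.com
Port 389
Authentication Type: anonymous
Base:dc=example,dc=com
"""

# Assumed layout: field label, optional colon, value (the sample prints "Port 389").
FIELD_RE = re.compile(r"^(Name|Hostname|Port|Authentication Type|Base)\s*:?\s*(.*)$")

def parse_summary(text):
    """Parse the field lines of an ldapconfig summary block into a dict."""
    cfg = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            cfg[m.group(1)] = m.group(2).strip()
    # Hostname is a comma-separated list; spaces after the commas are tolerated.
    cfg["Hosts"] = [h.strip() for h in cfg.get("Hostname", "").split(",") if h.strip()]
    return cfg

def review(cfg):
    """Return a list of review findings for one parsed server configuration."""
    findings = []
    hosts = cfg["Hosts"]
    if len(hosts) < 2:
        findings.append("single host: nothing to fail over or balance to")
    if len({h.lower() for h in hosts}) != len(hosts):
        findings.append("duplicate host in list: less redundancy than it appears")
    if cfg.get("Port") == "389":
        findings.append("port 389: standard non-SSL LDAP port, confirm the SSL setting")
    if cfg.get("Authentication Type", "").lower() == "anonymous":
        findings.append("anonymous bind: queries are sent without credentials")
    return findings
```

For the sample above, review(parse_summary(SAMPLE_SUMMARY)) returns the port 389 and anonymous bind findings and no redundancy finding, since three distinct hosts are listed.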