Failover

To ensure an LDAP server is available to that resolve queries, you can configure the LDAP profile for failover. If the connection to the LDAP server fails, or the query returns an error for which it is appropriate to do so, the appliance attempts to query the next LDAP server specified in the list.

The Cisco Content Security appliance attempts to connect to the first server in the list of LDAP servers for a specified period of time. If the appliance cannot connect to the first LDAP server in the list, or the query returns an error, the appliance attempts to connect to the next LDAP server in the list. By default, the appliance always attempts to connect to the first server in the list, and it attempts to connect to each subsequent server in the order they are listed. To ensure that the Cisco Content Security appliance connects to the primary LDAP server by default, enter it as the first server in the list of LDAP servers.

Note	Only attempts to query a specified LDAP server fail over. Attempts to query referral or continuation servers associated with the specified LDAP server do not fail over.

If the Cisco Content Security appliance connects to a second or subsequent LDAP server, it remains connected to that server for a specified period of time. At the end of this period, the appliance attempts to reconnect to the first server in the list.