Ldap configuration options, Ldap configuration – Cisco 3.3 User Manual
Page 521
13-37
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 13 User Databases
Generic LDAP
Unsuccessful Previous Authentication with the Primary LDAP Server
If, on the previous LDAP authentication attempt, Cisco Secure ACS could not
connect to the primary LDAP server, whether Cisco Secure ACS first attempts to
connect to the primary server or secondary LDAP server for the current
authentication attempt depends on the value in the Failback Retry Delay box. If
the Failback Retry Delay box is set to 0 (zero), Cisco Secure ACS always attempts
to connect to the primary LDAP server first. And if Cisco Secure ACS cannot
connect to the primary LDAP server, Cisco Secure ACS then attempts to connect
to the secondary LDAP server.
If the Failback Retry Delay box is set to a number other than zero, Cisco Secure
ACS determines how many minutes have passed since the last authentication
attempt using the primary LDAP server occurred. If more minutes have passed
than the value specified in the Failback Retry Delay box, Cisco Secure ACS
attempts to connect to the primary LDAP server first. And if Cisco Secure ACS
cannot connect to the primary LDAP server, Cisco Secure ACS then attempts to
connect to the secondary LDAP server.
If fewer minutes have passed than the value specified in the Failback Retry Delay
box, Cisco Secure ACS attempts to connect to the secondary LDAP server first.
And if Cisco Secure ACS cannot connect to the secondary LDAP server,
Cisco Secure ACS then attempts to connect to the primary LDAP server.
If Cisco Secure ACS cannot connect to either LDAP server, Cisco Secure ACS
stops attempting LDAP authentication for the user. If the user is an unknown user,
Cisco Secure ACS tries the next external user database listed in the Unknown
User Policy list. For more information about the Unknown User Policy list, see
About Unknown User Authentication, page 15-4
.
LDAP Configuration Options
The LDAP Database Configuration page contains many options, presented in
three tables:
•
Domain Filtering—This table contains options for domain filtering. The
settings in this table affect all LDAP authentication performed using this
configuration, regardless of whether the authentication is handled by the
primary or secondary LDAP server. For more information about domain
filtering, see