Monitoring ldap servers – Panasonic NN46110-600 User Manual
Chapter 2 Configuring servers
Monitoring LDAP servers
If the VPN Router cannot reach the LDAP proxy server, it still operates and passes
traffic. However, it does not authenticate users whose information exists in a
third-party directory. The VPN Router simply pings the LDAP proxy servers every few
minutes to check their status. If it receives an ICMP reply, it considers the LDAP
proxy server available and attempts to contact it. This is similar to the way the
VPN Router monitors RADIUS servers.
External LDAP servers behave differently because the server must reply to ICMP
echo requests and accept a directory bind before the VPN Router considers it
available. On initialization of the external LDAP server, the VPN Router monitors
the health of each external LDAP server to determine if the server is available. If it
cannot contact its directory, the VPN Router runs, but it does not terminate tunnels
or pass network traffic.
Note: If you configure an external LDAP proxy server that is
unavailable, you can experience delays in VPN Router provisioning
times.
The VPN Router monitors the status of all configured external LDAP servers. If
the VPN Router has marked a server as up, it monitors the status of the server by
binding and conducting a search against the directory every 15 minutes. If the
VPN Router has marked a server as down, it does the following:
1. Monitors the status of the server by issuing an ICMP echo request to the
   server every 15 minutes.
2. If an echo reply is received, the VPN Router attempts to bind and search the
   server's directory.
3. If the bind and search is successful, the VPN Router changes the server's
   status to up and returns the server back into the server list for operation.
If either the bind or search is unsuccessful, the server remains in the down state.
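The up and down checks described above, modelled as a small state machine. This is an added example, not code from the manual or from the VPN Router. The probe callables, the initial down state and the up-to-down transition after a failed bind or search are assumptions, and the timeline is constructed sample data.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Tuple

CHECK_INTERVAL_MIN = 15  # check interval stated in the manual

@dataclass
class ExternalLdapMonitor:
    # Hypothetical probe callables; each returns True on success.
    icmp_echo: Callable[[], bool]
    bind: Callable[[], bool]
    search: Callable[[], bool]
    status: str = "down"  # assumption: a server starts down until proven up
    log: List[str] = field(default_factory=list)

    def _bind_and_search(self) -> bool:
        # Both must succeed; the search is skipped after a failed bind.
        return self.bind() and self.search()

    def tick(self) -> str:
        """Run one periodic check and return the resulting status."""
        if self.status == "up":
            # Up servers are checked with bind + search only, no ICMP.
            if not self._bind_and_search():
                self.status = "down"  # assumption: a failed check marks it down
                self.log.append("up->down: bind/search failed")
        elif not self.icmp_echo():  # step 1
            self.log.append("down: no echo reply")
        elif not self._bind_and_search():  # step 2
            self.log.append("down: echo reply, bind/search failed")
        else:  # step 3
            self.status = "up"
            self.log.append("down->up: echo, bind and search succeeded")
        return self.status

def simulate(timeline: List[Tuple[bool, bool, bool]]):
    """Replay constructed (icmp_ok, bind_ok, search_ok) results, one per interval."""
    probe = {}
    mon = ExternalLdapMonitor(lambda: probe["icmp"], lambda: probe["bind"],
                              lambda: probe["search"])
    states = []
    for i, (icmp, bind, search) in enumerate(timeline):
        probe.update(icmp=icmp, bind=bind, search=search)
        states.append((i * CHECK_INTERVAL_MIN, mon.tick()))
    return states, mon.log

# Constructed sample: unreachable, ping only, healthy, ICMP filtered while up,
# search failure, then LDAP healthy again but ICMP still filtered.
TIMELINE = [(False, False, False), (True, False, False), (True, True, True),
            (False, True, True), (True, True, False), (False, True, True)]
```

In the replay the last interval stays down even though a bind and search would succeed, because a down server is only re-tested after an echo reply. A filter that drops ICMP between the VPN Router and the directory therefore keeps a recovered server out of the server list.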
Note: When multiple systems share an external LDAP, any parameters
added or removed from the external database by one system are not
visible to the other system until the database caches are flushed. The
cache flush is a timed interval.