How to set priority for multiple LDAP servers associated with the same LDAP directory.

Article ID: 157903

Products

Encryption Management Server Gateway Email Encryption

Issue/Introduction

This article describes how to set the priority for Encryption Management Server/PGP Universal Server when searching multiple LDAP servers for Directory Synchronization.

Resolution

Symantec™ Encryption Management Server & PGP Universal Server allow you to add one or more LDAP servers to be associated with the same LDAP directory.

If you have more than one LDAP server, you can set a priority for each server. Encryption Management Server/PGP Universal Server queries the servers in priority order, and more than one server can have the same priority number: the server load balances between LDAP servers that share a priority. You can use the priority setting to make sure Encryption Management Server/PGP Universal Server always searches the local LDAP server first.

Note: Priority settings are not replicated across a cluster. Worse, if you change any setting on the page other than the priority, the other cluster members lose their priority settings when that change replicates. After making such a change, reset the priority for all LDAP servers on every other cluster member.

There are two ways to assign priority. You can number each server in the order you want them searched, simply using 1,2,3, etc., or you can assign priority as a reflection of the cost of connecting the Encryption Management Server/PGP Universal Server to the LDAP server. The connection cost can be ping time or any other measure you want, and you can use any number you want to reflect cost. Encryption Management Server/PGP Universal Server always contacts the LDAP server with the lowest cost first.
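To make the two schemes and the tie-breaking behaviour concrete, here is a small Python model of the selection order described above. It is an added illustration, not Encryption Management Server code (the product's own selection logic is not published in this article), and the hostnames, ports and RTT figures are constructed for the example.

```python
from dataclasses import dataclass
from itertools import groupby


@dataclass(frozen=True)
class LdapServer:
    """One LDAP server row under an LDAP directory (hypothetical model)."""
    hostname: str
    port: int
    protocol: str   # "LDAP" or "LDAPS"
    priority: int   # lower number = contacted first; equal numbers share load


# Constructed sample: a local directory server at priority 1, two remote
# replicas that share priority 2, and a distant server still on plain LDAP.
SAMPLE_SERVERS = [
    LdapServer("ldap1.example.com", 636, "LDAPS", 1),
    LdapServer("ldap2.example.com", 636, "LDAPS", 2),
    LdapServer("ldap3.example.com", 636, "LDAPS", 2),
    LdapServer("ldap4.example.com", 389, "LDAP", 3),
]


def search_order(servers, attempt=0):
    """Order in which servers are tried for one query.

    Servers are grouped by priority, lowest value first.  Inside a tier of
    equal priority the starting server rotates with `attempt`, which models
    round-robin load balancing; the remaining members of the tier follow as
    failover targets before the next tier is reached.
    """
    ordered = []
    by_priority = sorted(servers, key=lambda s: s.priority)  # stable sort
    for _, tier in groupby(by_priority, key=lambda s: s.priority):
        members = list(tier)
        start = attempt % len(members)
        ordered.extend(members[start:] + members[:start])
    return ordered


def priorities_from_cost(cost_by_host):
    """Turn a measured connection cost (here: ping RTT in ms) into a priority.

    Any monotonic mapping works because only relative order matters; the
    cheapest server gets the lowest number and is therefore contacted first.
    """
    return {host: max(1, round(ms)) for host, ms in cost_by_host.items()}


def cleartext_bind_servers(servers):
    """Hostnames configured for plain LDAP rather than LDAPS.

    On those the Bind DN passphrase (and every directory query) crosses the
    network unencrypted, so they deserve a second look before going live.
    """
    return [s.hostname for s in servers if s.protocol.upper() != "LDAPS"]


if __name__ == "__main__":
    for attempt in range(3):
        print(attempt, [s.hostname for s in search_order(SAMPLE_SERVERS, attempt)])
    print(priorities_from_cost({"ldap1.example.com": 0.4, "ldap2.example.com": 12.6}))
    print(cleartext_bind_servers(SAMPLE_SERVERS))
```

Running it shows ldap1 always first, ldap2 and ldap3 alternating as the first member of the priority-2 tier on successive queries, and ldap4 only reached if everything above it fails; the cost-based helper simply rounds each RTT into a priority number, and the last helper flags the plain-LDAP server whose bind credentials would travel in cleartext.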


Use the following steps to assign a priority to each server:

  1. Go to Consumers > Directory Synchronization in the administrative interface.
  2. Click Add LDAP Directory..., then go to the LDAP Servers tab.
  3. If you need to add an LDAP server, type the fully qualified domain name or IP address of the LDAP directory server in the Hostname field.
  4. Type the port number in the Port field. Typically, port 389 is used for LDAP and port 636 for LDAPS.
  5. From the Protocol menu, select LDAP or LDAPS. Prefer LDAPS: with plain LDAP the Bind DN passphrase and all directory queries are sent over the network unencrypted.
  6. Specify the search priority for each server.
  7. To test whether the server can successfully connect to the LDAP server using the credentials you have provided (hostname, port, Bind DN and passphrase) click the Test Connection button associated with this server.
  8. To add another server to this LDAP directory, click the Add icon at the end of the row.


    Note: The order in which servers are listed on the tab is not significant; only the priority value determines the search order.