Configuring the ACE as a Client of a RADIUS, TACACS+, or LDAP Server
Setting the Global LDAP Server Timeout Value
Configuring AAA Server Groups
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
2-38
By default, the ACE waits 5 seconds to receive a response from an LDAP server
before it declares a timeout failure and attempts to contact the next server in the
group. Use the ldap-server timeout command to globally change the time
interval that the ACE waits for the LDAP server to reply to a response before it
declares a timeout failure. The ACE applies this global timeout value to those
LDAP servers for which a timeout value is not individually configured by the
ldap-server host command.
The syntax of this command is as follows:
ldap-server timeout seconds
The seconds argument is the timeout value in seconds. Valid entries are from 1 to
60 seconds. The default is 5 seconds.
For example, to globally configure the timeout value to 30 seconds, enter:
host1/Admin(config)# ldap-server timeout 30
To change to the default of 5 seconds between transmission attempts, enter:
host1/Admin(config)# no ldap-server timeout 30
This section contains the following topics:
Creating a TACACS+, RADIUS, or LDAP Server Group
•
Setting the Dead-Time Interval for a TACACS+ Server Group
•
Setting the Dead-Time Interval for a RADIUS Server Group
•
Configuring the User Profile Attribute Type for an LDAP Server Group
•
Configuring the Base DN for an LDAP Server Group
•
•
Configuring the Search Filter for an LDAP Server Group
Chapter 2
Configuring Authentication and Accounting Services
OL-16202-01