
Re: [nssldap] lookup delay using nss_ldap with Active Directory




Hi Brett,

Thanks again for your suggestions.  I should have thought to turn on
debugging sooner!  I was looking into MTU and reading the ChangeLogs and trying
some other setting modifications, all to no avail.

> 2. I vaguely remember having to enable or disable referrals in LDAP client
> /etc/ldap.conf (I can't remember which, I'll check when I get home)

I'm not very familiar with LDAP referrals, but turning them off has fixed my
problems!

When I turned on debugging, I saw a bunch of these messages being displayed when
referrals were on (which they were by default).

Unable to chase referral
"ldap://ForestDnsZones.production.domain.com/DC=ForestDnsZones,DC=production,DC=domain,DC=com"
(-1: Can't contact LDAP server)
Unable to chase referral
"ldap://DomainDnsZones.production.domain.com/DC=DomainDnsZones,DC=production,DC=domain,DC=com"
(-1: Can't contact LDAP server)

Turning off referrals seems to make everything work as expected.  I'll keep an
eye on the CPU usage levels on the servers and test nscd if I think caching
becomes necessary.

Thanks everyone!
--
Jonathan
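
Added example, not part of the original message or of nss_ldap: a small Python check that summarises the failed referral chases in debug output like the above and reports whether a client config still has referral chasing on. The sample config, its server name and the helper names are constructed; `referrals` is the nss_ldap ldap.conf directive, and an unset value is treated as on, matching the default described in the message.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample: the debug output quoted in the message, wrapped as posted.
SAMPLE_DEBUG = '''\
Unable to chase referral
"ldap://ForestDnsZones.production.domain.com/DC=ForestDnsZones,DC=production,DC=domain,DC=com"
(-1: Can't contact LDAP server)
Unable to chase referral
"ldap://DomainDnsZones.production.domain.com/DC=DomainDnsZones,DC=production,DC=domain,DC=com"
(-1: Can't contact LDAP server)
'''

# Constructed sample client config (hypothetical server name).
SAMPLE_CONF = '''\
# /etc/ldap.conf (constructed)
uri ldap://dc1.production.domain.com
base dc=production,dc=domain,dc=com
referrals no
'''

# One message spans three lines: text, quoted URL, "(code: reason)".
REFERRAL_RE = re.compile(
    r'Unable to chase referral\s+"(?P<url>[^"]+)"\s+'
    r'\((?P<code>-?\d+):\s*(?P<msg>[^)]*)\)')

def failed_referrals(debug_text):
    """Count failed referral chases per (host, base DN, error code, reason)."""
    hits = Counter()
    for m in REFERRAL_RE.finditer(debug_text):
        parts = urlsplit(m.group("url"))
        key = (parts.hostname, parts.path.lstrip("/"),
               int(m.group("code")), m.group("msg"))
        hits[key] += 1
    return hits

def referrals_enabled(conf_text):
    """True if referral chasing is on; an unset directive counts as on."""
    enabled = True
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0].lower() == "referrals":
            # Assumption: yes/on/true mean enabled, anything else disabled.
            enabled = fields[1].lower() in ("yes", "on", "true")
    return enabled

if __name__ == "__main__":
    for (host, dn, code, msg), n in failed_referrals(SAMPLE_DEBUG).items():
        print(f"{n}x {host} [{dn}] -> {code}: {msg}")
    print("referral chasing enabled:", referrals_enabled(SAMPLE_CONF))
```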