Re: [nssldap] lookup delay using nss_ldap with Active Directory
- From: Jonathan Nilsson <jnilsson [at] uci.edu>
- To: Brett Delle Grazie <Brett.Dellegrazie [at] Intact-is.com>
- Cc: nssldap [at] padl.com, "Douglas E. Engert" <deengert [at] anl.gov>
- Subject: Re: [nssldap] lookup delay using nss_ldap with Active Directory
- Date: Mon, 10 May 2010 12:54:22 -0700
Hi Brett, Thanks again for your suggestions. I should have thought to turn on
debugging sooner! I was looking into MTU and reading the ChangeLogs and trying
some other setting modifications, all to no avail.
> 2. I vaguely remember having to enable or disable referrals in LDAP client
> /etc/ldap.conf (I can't remember which, I'll check when I get home)
I'm not very familiar with LDAP referrals, but turning them off has fixed my
problems!
When I turned on debugging, I saw a bunch of these messages being displayed when
referrals were on (which they were by default).
Unable to chase referral
"ldap://ForestDnsZones.production.domain.com/DC=ForestDnsZones,DC=production,DC=domain,DC=com"
(-1: Can't contact LDAP server)
Unable to chase referral
"ldap://DomainDnsZones.production.domain.com/DC=DomainDnsZones,DC=production,DC=domain,DC=com"
(-1: Can't contact LDAP server)
Turning off referrals seems to make everything work as expected. I'll keep an
eye on the CPU usage levels on the servers and test nscd if I think caching
becomes necessary.
Thanks everyone!
--
Jonathan
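
Added example, not part of the message above and not nss_ldap code: a small Python helper that pulls the unreachable referral targets out of debug output wrapped like the lines quoted in the message, and reads the `referrals` setting from an ldap.conf-style file. The sample log and config are constructed, the `uri` host is a placeholder, and the "last occurrence wins" parsing rule is an assumption.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the debug lines quoted in the message, wrapped the same way.
SAMPLE_LOG = """Unable to chase referral
"ldap://ForestDnsZones.production.domain.com/DC=ForestDnsZones,DC=production,DC=domain,DC=com"
(-1: Can't contact LDAP server)
Unable to chase referral
"ldap://DomainDnsZones.production.domain.com/DC=DomainDnsZones,DC=production,DC=domain,DC=com"
(-1: Can't contact LDAP server)
"""

# Constructed sample /etc/ldap.conf; the uri host is a placeholder.
SAMPLE_CONF = """uri ldap://dc.example.invalid
base DC=production,DC=domain,DC=com
referrals no
"""

# One record may span three lines, so match across whitespace and newlines.
REFERRAL_RE = re.compile(
    r'Unable to chase referral\s+"(ldaps?://[^"]+)"\s+\((-?\d+):\s*([^)]*)\)')

def failed_referrals(log_text):
    """Return one dict per referral the client could not follow."""
    found = []
    for url, code, msg in REFERRAL_RE.findall(log_text):
        parts = urlsplit(url)
        found.append({"host": parts.hostname,          # lower-cased by urlsplit
                      "base": parts.path.lstrip("/"),
                      "code": int(code), "error": msg.strip()})
    return found

def referrals_enabled(conf_text, default=True):
    """Effective 'referrals' setting; default=True follows the message
    ("which they were by default"). Last occurrence wins (assumption)."""
    enabled = default
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0].lower() == "referrals":
            enabled = fields[1].lower() in ("yes", "on", "true")
    return enabled

if __name__ == "__main__":
    for r in failed_referrals(SAMPLE_LOG):
        print(f"{r['host']}: {r['error']} (code {r['code']}), base {r['base']}")
    print("referral chasing enabled:", referrals_enabled(SAMPLE_CONF))
```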