Suffering from LDAP timeouts on Unix, where nss_ldap thought it still had a TCP connection to Active Directory LDAP, but the connection had in fact been dropped?
i.e. messages like:
"nss_ldap: reconnected to LDAP server ldap://ad.in.company.com/"
or...
"nscd: nss_ldap: could not search LDAP server - Server is unavailable"
Here's one possible solution: increase the idle timeout (MaxConnIdleTime, in seconds) in the Active Directory LDAP policies. By default it is 900 seconds (15 minutes), after which a DC closes a client connection that has sent no requests. The session below raises it to 129600 seconds (36 hours).
(ref: http://support.microsoft.com/kb/315071)
> ntdsutil.exe
: LDAP Policies
: connections
: connect to server ad.in.company.com
: q
: Show Values
: set MaxConnIdleTime to 129600
: Show Values
: Commit Changes
: Show Values
: q
: q
This affects all DCs (as far as I can tell): the setting is stored in the Default Query Policy object in the Configuration partition, which replicates to every DC in the forest, so any DC that has not been given its own query policy picks it up.
Now create a cron job on the Unix side that queries Active Directory (e.g. getent passwd) at an interval shorter than MaxConnIdleTime. Keep it shorter than any firewall or NAT idle timeout between the Unix host and the DC too: a stateful firewall that drops an idle session without telling either end is exactly what leaves the client believing it still has a connection, and raising MaxConnIdleTime on the DC does nothing about that. An alternative on the client is idle_timelimit in ldap.conf, which makes nss_ldap close its own idle connections and reconnect cleanly instead of reusing a dead one.
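As an added example (not from the original post), here is a POSIX shell script that reads MaxConnIdleTime back from the DC's query policy object, picks a cron period safely below it, and emits the cron line. The host ad.in.company.com, the bind account, and the Configuration naming context DC=in,DC=company,DC=com are assumptions; the LDIF embedded in the script is a constructed sample standing in for real ldapsearch output so the script runs offline.

```shell
#!/bin/sh
# Added example, not part of the original post: size and generate the
# nss_ldap keep-alive cron job from the DC's actual MaxConnIdleTime.
# Assumed names: ad.in.company.com, svc_unix@in.company.com, DC=in,DC=company,DC=com.

# Extract MaxConnIdleTime (seconds) from the lDAPAdminLimits attribute of the
# Default Query Policy object, reading ldapsearch LDIF output on stdin.
max_conn_idle_time() {
    sed -n 's/^lDAPAdminLimits: *MaxConnIdleTime=\([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Choose the keep-alive period in minutes: half the idle limit, so one missed
# run does not lose the connection; at least 1 minute; at most 30 minutes so it
# still fits a "*/N * * * *" cron field and also outlives the idle timeouts that
# firewalls between the Unix host and the DC typically enforce (often an hour or less).
keepalive_minutes() {
    idle=$1
    mins=$(( idle / 120 ))
    [ "$mins" -lt 1 ] && mins=1
    [ "$mins" -gt 30 ] && mins=30
    echo "$mins"
}

# /etc/cron.d style line (with user field). getent passwd resolves through
# nss_ldap, so it reuses, and thereby refreshes, the cached AD connection.
cron_line() {
    printf '*/%s * * * * root /usr/bin/getent passwd >/dev/null 2>&1\n' "$(keepalive_minutes "$1")"
}

# Constructed sample of what ldapsearch returns for the query policy object.
SAMPLE_LDIF='dn: CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=in,DC=company,DC=com
lDAPAdminLimits: MaxConnIdleTime=129600
lDAPAdminLimits: MaxConnections=5000
lDAPAdminLimits: MaxPageSize=1000
'

main() {
    idle=$(printf '%s' "$SAMPLE_LDIF" | max_conn_idle_time)
    # Against a live DC, replace the line above with (assumed bind DN):
    # idle=$(ldapsearch -x -H ldap://ad.in.company.com -D 'svc_unix@in.company.com' -W \
    #   -b 'CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=in,DC=company,DC=com' \
    #   -s base lDAPAdminLimits | max_conn_idle_time)
    echo "MaxConnIdleTime=${idle}s"
    cron_line "$idle"
}

main
```

The ldapsearch call is the check worth running after the ntdsutil change: if the value printed is still 900 on some DC, the change has not replicated there or that DC has a different query policy assigned.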
Thursday, August 25, 2011