Suffering from LDAP timeouts on Unix, where it thought it had a TCP connection to Active Directory LDAP - but it didn't really?
ie:
"nss_ldap: reconnected to LDAP server ldap://ad.in.company.com/"
or...
"nscd: nss_ldap: could not search LDAP server - Server is unavailable"
Here's one possible solution: increase the idle timeout in the Active Directory LDAP policies. By default it is 900 seconds.
(ref: http://support.microsoft.com/kb/315071)
> ntdsutil.exe
: LDAP Policies
: connections
: connect to server ad.in.company.com
: q
: Show Values
: set MaxConnIdleTime to 129600
: Show Values
: Commit Changes
: Show Values
: q
: q
This effects all DC's (as far as I can tell).
Now create a cron job in Unix to query the Active Directory (i.e. getent passwd) at an interval of less than MaxConnIdleTime.
Showing posts with label active directory. Show all posts
Showing posts with label active directory. Show all posts
Thursday, August 25, 2011
Subscribe to:
Posts (Atom)
