LDAP Problem

Sep 5th, 2008

Hi Gurus,

What's the best timeout caching / cache entries that should be defined on my LDAP configuration?

I have this error below... alerting me... but my LDAP works fine...

LDAP group query failure during per-recipient scanning, possible LDAP misconfiguration or unreachable server


Any help?

thank you.

Douglas Hardison Tue, 09/09/2008 - 20:37
Cisco Employee

Hi,

The default values for the ldap server configuration are:

Cache: 10000 entries, 900 seconds ttl (Time To Live)

You say that your LDAP is working fine.
Do you mean the LDAP queries on the IronPort, or the LDAP server itself?

Are you receiving any specific errors regarding receiving email?

-whardison

angfeglandagan Wed, 09/10/2008 - 05:00

Hi, the LDAP queries are from the IronPort to the LDAP server, which is their AD.

I have this error:

The Critical message is:

LDAP group query failure during per-recipient scanning, possible LDAP misconfiguration or unreachable server

Version: 6.3.5-009
Serial Number: 0019B9D396BE-CFPGFD1
Timestamp: 10 Sep 2008 11:43:05 +0800

I have 3 trusted domains in a forest where my IronPort queries those LDAP groups I created...

Any tips?

Douglas Hardison Wed, 09/10/2008 - 13:15
Cisco Employee

Try using 'ldaptest' from the cli to test each query independently.

From the error message, it appears that one of the AD servers is unreachable.

Also, enable an ldapdebug log.

The following KnowledgeBase article describes creating logs in general, but uses ldapdebug as an example, and should help you create one.
http://tinyurl.com/pnv57

Once the ldapdebug log is created, you can tail it from the cli to see what exactly is causing this error.

-whardison
