LDAP Problem

angfeglandagan · ‎09-05-2008

Hi Gurus,

Whats the best timeout caching / cache entries that should be defined on my LDAP configuration..

I have this error below...alerting me... but my ldap works fine...

LDAP group query failure during per-recipient scanning, possible LDAP misconfiguration or unreachable server

Any help?

thank you.

Douglas Hardison · ‎09-09-2008

Hi,

The default values for the ldap server configuration are:

Cache: 10000 entries, 900 seconds ttl (Time To Live)

You say that your LDAP is working fine.
Do you mean the LDAP queries on the IronPort, or the LDAP server itself?

Are you receiving any specific errors regarding receiving emaill?

-whardison

angfeglandagan · ‎09-10-2008

Hi, the LDAP queries is from ironport to the LDAP server which is their AD.

I have this error;

The Critical message is:

LDAP group query failure during per-recipient scanning, possible LDAP misconfiguration or unreachable server

Version: 6.3.5-009
Serial Number: 0019B9D396BE-CFPGFD1
Timestamp: 10 Sep 2008 11:43:05 +0800

I have 3 trusted domains in a forest where my ironport queries those LDAP groups i created...

any tips?

Douglas Hardison · ‎09-10-2008

Try using 'ldaptest' from the cli to test each query independently.

From the error message, it appears that one of the AD servers is unreachable.

Also, enable an ldapdebug log.

The following KnowledgeBase article describes creating logs in general, but uses ldapdebug as an example, and should help you create one.
http://tinyurl.com/pnv57

Once the ldapdebug log is created, you can tail it from the cli to see what exactly is causing this error.

-whardison