09-05-2008 03:12 AM
Hi Gurus,
Whats the best timeout caching / cache entries that should be defined on my LDAP configuration..
I have this error below...alerting me... but my ldap works fine...
LDAP group query failure during per-recipient scanning, possible LDAP misconfiguration or unreachable server
Any help?
thank you.
09-09-2008 08:37 PM
Hi,
The default values for the ldap server configuration are:
Cache: 10000 entries, 900 seconds ttl (Time To Live)
You say that your LDAP is working fine.
Do you mean the LDAP queries on the IronPort, or the LDAP server itself?
Are you receiving any specific errors regarding receiving emaill?
-whardison
09-10-2008 05:00 AM
Hi, the LDAP queries is from ironport to the LDAP server which is their AD.
I have this error;
The Critical message is:
LDAP group query failure during per-recipient scanning, possible LDAP misconfiguration or unreachable server
Version: 6.3.5-009
Serial Number: 0019B9D396BE-CFPGFD1
Timestamp: 10 Sep 2008 11:43:05 +0800
I have 3 trusted domains in a forest where my ironport queries those LDAP groups i created...
any tips?
09-10-2008 01:15 PM
Try using 'ldaptest' from the cli to test each query independently.
From the error message, it appears that one of the AD servers is unreachable.
Also, enable an ldapdebug log.
The following KnowledgeBase article describes creating logs in general, but uses ldapdebug as an example, and should help you create one.
http://tinyurl.com/pnv57
Once the ldapdebug log is created, you can tail it from the cli to see what exactly is causing this error.
-whardison
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide