Cisco Support Community
New Member

LDAP Problem

Hi Gurus,

What's the best timeout caching / cache entries that should be defined on my LDAP configuration?

I have this error below... alerting me... but my LDAP works fine...

LDAP group query failure during per-recipient scanning, possible LDAP misconfiguration or unreachable server


Any help?

thank you.

3 REPLIES
Cisco Employee

Re: LDAP Problem

Hi,

The default values for the ldap server configuration are:

Cache: 10000 entries, 900 seconds ttl (Time To Live)

You say that your LDAP is working fine.
Do you mean the LDAP queries on the IronPort, or the LDAP server itself?

Are you receiving any specific errors regarding receiving email?

-whardison

New Member

Re: LDAP Problem

Hi, the LDAP queries are from IronPort to the LDAP server, which is their AD.

I have this error;

The Critical message is:

LDAP group query failure during per-recipient scanning, possible LDAP misconfiguration or unreachable server

Version: 6.3.5-009
Serial Number: 0019B9D396BE-CFPGFD1
Timestamp: 10 Sep 2008 11:43:05 +0800

I have 3 trusted domains in a forest where my IronPort queries those LDAP groups I created...

Any tips?

Cisco Employee

Re: LDAP Problem

Try using 'ldaptest' from the cli to test each query independently.

From the error message, it appears that one of the AD servers is unreachable.

Also, enable an ldapdebug log.

The following KnowledgeBase article describes creating logs in general, but uses ldapdebug as an example, and should help you create one.
http://tinyurl.com/pnv57

Once the ldapdebug log is created, you can tail it from the cli to see what exactly is causing this error.

-whardison
