It looks to me as though the search is taking too long, which suggests that
your user base DN is too high up the tree. You've obfuscated the details so
it's hard to be sure but where is the user that is being searched for in
relation to the starting point? For example, if you configure the base DN as
DC=users, DC=bmc, DC=com and the user is CN=bob, DC=users, DC=bmc, DC=com, then
I would expect the search to be pretty quick. However, if the user is further
down the tree - CN=bob, DC=London, DC=UK, DC=Europr, DC=users, DC=bmc, DC=com
say - and there are lots of other subtrees to search, it's possible you may hit
a timeout.
If you think this may be the case you can try making the user base DN more
specific to reduce the amount of the ldap tree that needs to be searched. If
you need to authenticate users in multiple containers you can add additional
LDAP configuration settings for each one - there's no reason that they can't
all point to the same LDAP server but use different base DNs. In this case try
to order them so that the containers where you expect to find most users is the
first.
You could also google a copy of the LDP utility, or something similar, to run
the same LDAP search you have in your logs;
ldap_search_ext("DC=a,DC=b,DC=c,DC=d", 2, "sAMAccountName=someuser")
and see how long that actually takes.
Mark
-----Original Message-----
From: Action Request System discussion list(ARSList)
[mailto:arslist@ARSLIST.ORG] On Behalf Of Frank Caruso
Sent: 12 April 2012 13:12
To: arslist@ARSLIST.ORG
Subject: Re: AREA Authentication Timeout
No luck with the longer timeout.
Does anyone think there could be an issue on the AD side where it is not
"configured" for external authentication? We are the first application to use
this AD for external authentication. Not sure if there is something on the AD
server that needs to running/configured or possibly log files that might show
an error.
Thank you
_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12
www.wwrug12.com ARSList: "Where the Answers Are"
_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
