Excessive LDAP searches from DB2 server's db2sysc processes

Solution Verified - Updated -

Issue

  • Several systems found responsible for gigabytes/day of network traffic to backend LDAP servers.
  • Load on LDAP servers unexpected as it should only be used for system authN/authZ
  • nscd: nss_ldap: failed to bind to LDAP server ldap://adldap: Can't contact LDAP server messages in logs.

Environment

  • RHEL 5
  • RHEL 4
  • IBM DB2 Version 9
  • System AuthN & AuthZ centralized in seperate LDAP Directory server.
  • DB2 system, admin, and database users / groups all defined locally.
    /etc/ldap.conf:
nss_initgroups_ignoreusers db2as,db2fenc1,db2ls001,db2pmi01,db2psrv1,db2rm001,db2wbfrm,db2wmq01,sibqa

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In