Excessive LDAP searches from DB2 server's db2sysc processes

Solution Verified - Updated -

Issue

  • Several systems found responsible for gigabytes/day of network traffic to backend LDAP servers.
  • Load on LDAP servers unexpected as it should only be used for system authN/authZ
  • nscd: nss_ldap: failed to bind to LDAP server ldap://adldap: Can't contact LDAP server messages in logs.

Environment

  • RHEL 5
  • RHEL 4
  • IBM DB2 Version 9
  • System AuthN & AuthZ centralized in seperate LDAP Directory server.
  • DB2 system, admin, and database users / groups all defined locally.
    /etc/ldap.conf:
nss_initgroups_ignoreusers db2as,db2fenc1,db2ls001,db2pmi01,db2psrv1,db2rm001,db2wbfrm,db2wmq01,sibqa

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.