Excessive LDAP searches from DB2 server's db2sysc processes

Solution Verified - Updated -

Issue

  • Several systems found responsible for gigabytes/day of network traffic to backend LDAP servers.
  • Load on LDAP servers unexpected as it should only be used for system authN/authZ
  • nscd: nss_ldap: failed to bind to LDAP server ldap://adldap: Can't contact LDAP server messages in logs.

Environment

  • RHEL 5
  • RHEL 4
  • IBM DB2 Version 9
  • System AuthN & AuthZ centralized in seperate LDAP Directory server.
  • DB2 system, admin, and database users / groups all defined locally.
    /etc/ldap.conf:
nss_initgroups_ignoreusers db2as,db2fenc1,db2ls001,db2pmi01,db2psrv1,db2rm001,db2wbfrm,db2wmq01,sibqa

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content