
ZCM and LDAP issues

We're running ZCM 10.3.3 and eDir 8.8 SP5, both on SLES 10. Our LDAP servers are single-purpose servers. Below is an excerpt from a trace screen. Our LDAP servers that are designated authentication servers for the ZCM servers are getting pounded by requests like these, leading to very slow login times. The containers that are listed on the "base" lines in this trace correspond to the user containers in the User Sources area. There is something that is causing the ZCM servers to run a query like this very often. I'm not sure if it's when a user logs in or what. There's just too much traffic to pin it down. It almost seems like some sort of refresh that's occurring. Have any of you seen this kind of query for dynamic groups in your ZCM environment? Our Windows 7 login policy is assigned to devices instead of users, so I don't think it's that. We have a few bundles that are assigned to users, but they are pretty specific items. I've spent a good deal of this week restarting ndsd processes on LDAP servers and users are getting pretty frustrated with very slow login times. Any help, troubleshooting tips, etc. would be appreciated.

Alan

1334581568 LDAP: [2011/11/04 0:36:00.611] (163.11.75.59:15587)(0x8085:0x63) Search request:
base: "ou=FACSTAFF_USERS,o=cedarnet"
scope:2 dereference:0 sizelimit:0 timelimit:21 attrsonly:0
filter: "(&(objectClass=dynamicGroup)(Member=cn=user1,ou=STUDENT_USERS,o=CEDARNET))"
attribute: "dn"
1334581568 LDAP: [2011/11/04 0:36:00.611] (163.11.75.59:15587)(0x8085:0x63) Sending operation result 0:"":"" to connection 0xffffffffb45b4340
1334581568 LDAP: [2011/11/04 0:36:00.611] (163.11.75.59:15587)(0x8086:0x63) DoSearch on connection 0xffffffffb45b4340
1334581568 LDAP: [2011/11/04 0:36:00.611] (163.11.75.59:15587)(0x8086:0x63) Search request:
base: "ou=STUORG_USERS,o=cedarnet"
scope:2 dereference:0 sizelimit:0 timelimit:21 attrsonly:0
filter: "(&(objectClass=dynamicGroup)(Member=cn=user2,ou=STUDENT_USERS,o=CEDARNET))"
attribute: "dn"
1334581568 LDAP: [2011/11/04 0:36:00.612] (163.11.75.59:15587)(0x8086:0x63) Sending operation result 0:"":"" to connection 0xffffffffb45b4340
1334581568 LDAP: [2011/11/04 0:36:00.612] (163.11.75.59:15587)(0x8087:0x63) DoSearch on connection 0xffffffffb45b4340
1334581568 LDAP: [2011/11/04 0:36:00.612] (163.11.75.59:15587)(0x8087:0x63) Search request:
base: "ou=STUDENT_USERS,o=cedarnet"
scope:2 dereference:0 sizelimit:0 timelimit:21 attrsonly:0
filter: "(&(objectClass=dynamicGroup)(Member=cn=user3,ou=STUDENT_USERS,o=CEDARNET))"
attribute: "dn"
1334581568 LDAP: [2011/11/04 0:36:00.612] (163.11.75.59:15587)(0x8087:0x63) Sending operation result 0:"":"" to connection 0xffffffffb45b4340
1334581568 LDAP: [2011/11/04 0:36:00.612] (163.11.75.59:15587)(0x8088:0x63) DoSearch on connection 0xffffffffb45b4340
1334581568 LDAP: [2011/11/04 0:36:00.612] (163.11.75.59:15587)(0x8088:0x63) Search request:
base: "ou=PEOPLE_USERS,o=cedarnet"
scope:2 dereference:0 sizelimit:0 timelimit:21 attrsonly:0
filter: "(&(objectClass=dynamicGroup)(Member=cn=user4,ou=STUDENT_USERS,o=CEDARNET))"
attribute: "dn"
1355635008 LDAP: [2011/11/04 0:36:01.324] (163.11.75.59:15587)(0x7f16:0x63) Sending operation result 0:"":"" to connection 0xffffffffb45b4340
1355635008 LDAP: [2011/11/04 0:36:01.324] (163.11.75.59:15587)(0x8089:0x63) DoSearch on connection 0xffffffffb45b4340
1355635008 LDAP: [2011/11/04 0:36:01.324] (163.11.75.59:15587)(0x8089:0x63) Search request:
base: "ou=TEMP_USERS,o=cedarnet"
scope:2 dereference:0 sizelimit:0 timelimit:21 attrsonly:0
filter: "(&(objectClass=dynamicGroup)(Member=cn=user5,ou=STUDENT_USERS,o=CEDARNET))"
attribute: "dn"
1355635008 LDAP: [2011/11/04 0:36:01.325] (163.11.75.59:15587)(0x8089:0x63) Sending operation result 0:"":"" to connection 0xffffffffb45b4340
1355635008 LDAP: [2011/11/04 0:36:01.325] (163.11.75.59:15587)(0x808a:0x63) DoSearch on connection 0xffffffffb45b4340
1355635008 LDAP: [2011/11/04 0:36:01.325] (163.11.75.59:15587)(0x808a:0x63) Search request:
base: "ou=FACSTAFF_USERS,o=cedarnet"
scope:2 dereference:0 sizelimit:0 timelimit:21 attrsonly:0
filter: "(&(objectClass=dynamicGroup)(Member=cn=user3,ou=STUDENT_USERS,o=CEDARNET))"
attribute: "dn"
1355635008 LDAP: [2011/11/04 0:36:01.326] (163.11.75.59:15587)(0x808a:0x63) Sending operation result 0:"":"" to connection 0xffffffffb45b4340
1355635008 LDAP: [2011/11/04 0:36:01.326] (163.11.75.59:15587)(0x808b:0x63) DoSearch on connection 0xffffffffb45b4340
1355635008 LDAP: [2011/11/04 0:36:01.326] (163.11.75.59:15587)(0x808b:0x63) Search request:
base: "ou=TEMP_USERS,o=cedarnet"
scope:2 dereference:0 sizelimit:0 timelimit:21 attrsonly:0
filter: "(&(objectClass=dynamicGroup)(Member=cn=user6,ou=STUDENT_USERS,o=CEDARNET))"

Re: ZCM and LDAP issues

These DynamicGroup Queries are expected and cannot currently be disabled.

ZCM 11.2 MIGHT support that option, I know it was in the discussion.

These queries occur when trying to locate any dynamic groups to which a
user may belong for the purpose of identifying assignments.


--
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner

Novell does not officially monitor these forums.

Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.
--
Please give a hearty thumbs up to any post you find helpful!
To find articles by Craig Wilson simply follow the link: Craig Wilson's Tips!
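
Added example (not part of the thread and not Novell tooling): a small Python parser for trace text in the layout posted above. It counts the dynamic-group membership searches by client, by base container and by member DN, so the per-user fan-out across user-source containers and the request rate can be read off. The sample trace, addresses and names are constructed, and the two hex fields after the client address are skipped as opaque values.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample in the layout of the posted trace (all values made up).
SAMPLE_TRACE = '''\
1001 LDAP: [2011/11/04 0:36:00.100] (192.0.2.10:15587)(0x8085:0x63) Search request:
base: "ou=STAFF,o=example"
scope:2 dereference:0 sizelimit:0 timelimit:21 attrsonly:0
filter: "(&(objectClass=dynamicGroup)(Member=cn=user1,ou=STUDENTS,o=EXAMPLE))"
attribute: "dn"
1001 LDAP: [2011/11/04 0:36:00.101] (192.0.2.10:15587)(0x8085:0x63) Sending operation result 0:"":"" to connection 0xb45b4340
1001 LDAP: [2011/11/04 0:36:00.101] (192.0.2.10:15587)(0x8086:0x63) DoSearch on connection 0xb45b4340
1001 LDAP: [2011/11/04 0:36:00.101] (192.0.2.10:15587)(0x8086:0x63) Search request:
base: "ou=STUDENTS,o=example"
scope:2 dereference:0 sizelimit:0 timelimit:21 attrsonly:0
filter: "(&(objectClass=dynamicGroup)(Member=cn=user1,ou=STUDENTS,o=EXAMPLE))"
attribute: "dn"
1001 LDAP: [2011/11/04 0:36:00.600] (192.0.2.10:15587)(0x8087:0x63) Search request:
base: "ou=STAFF,o=example"
scope:2 dereference:0 sizelimit:0 timelimit:21 attrsonly:0
filter: "(&(objectClass=dynamicGroup)(Member=cn=user2,ou=STUDENTS,o=EXAMPLE))"
attribute: "dn"
1002 LDAP: [2011/11/04 0:36:00.900] (192.0.2.11:40112)(0x0004:0x63) Search request:
base: "ou=STAFF,o=example"
scope:2 dereference:0 sizelimit:0 timelimit:21 attrsonly:0
filter: "(cn=user9)"
attribute: "cn"
1001 LDAP: [2011/11/04 0:36:01.100] (192.0.2.10:15587)(0x8088:0x63) Search request:
base: "ou=STUDENTS,o=example"
scope:2 dereference:0 sizelimit:0 timelimit:21 attrsonly:0
filter: "(&(objectClass=dynamicGroup)(Member=cn=user2,ou=STUDENTS,o=EXAMPLE))"
'''

# Event header: thread id, [timestamp], (client ip:port), (hex:hex), message text.
HEADER = re.compile(
    r'^\d+ LDAP: \[(?P<ts>[^\]]+)\] \((?P<client>[\d.]+):\d+\)'
    r'\(0x[0-9a-fA-F]+:0x[0-9a-fA-F]+\) (?P<text>.*)$')
FIELD = re.compile(r'^(base|filter|attribute): "(.*)"$')
MEMBER = re.compile(r'\(member=([^)]+)\)', re.IGNORECASE)
DYNGROUP = re.compile(r'\(objectClass=dynamicGroup\)', re.IGNORECASE)


def parse_searches(trace):
    """Return one dict per 'Search request:' event, even if the last is cut off."""
    searches, current = [], None
    for raw in trace.splitlines():
        line = raw.strip()
        head = HEADER.match(line)
        if head:
            current = None  # any new event header closes the open search
            if head['text'] == 'Search request:':
                when = datetime.strptime(head['ts'], '%Y/%m/%d %H:%M:%S.%f')
                current = {'client': head['client'], 'time': when,
                           'base': None, 'filter': None, 'attributes': []}
                searches.append(current)
            continue
        field = FIELD.match(line)
        if current is not None and field:
            key, value = field.groups()
            if key == 'attribute':
                current['attributes'].append(value)
            else:
                current[key] = value
    return searches


def summarize(searches):
    """Aggregate dynamic-group membership lookups; other searches are ignored."""
    by_client, by_base = Counter(), Counter()
    bases_per_member = defaultdict(set)
    times = []
    for s in searches:
        flt = s['filter'] or ''
        member = MEMBER.search(flt)
        if not (DYNGROUP.search(flt) and member):
            continue
        base = (s['base'] or '?').lower()  # simplified DN comparison: lowercase
        by_client[s['client']] += 1
        by_base[base] += 1
        bases_per_member[member.group(1).lower()].add(base)
        times.append(s['time'])
    span = (max(times) - min(times)).total_seconds() if times else 0.0
    return {'lookups': len(times),
            'by_client': dict(by_client),
            'by_base': dict(by_base),
            'fan_out': {m: len(b) for m, b in bases_per_member.items()},
            'per_second': len(times) / span if span else None}


if __name__ == '__main__':
    print(summarize(parse_searches(SAMPLE_TRACE)))
```
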

Re: ZCM and LDAP issues

Note: If you are using DLU, the following setting can reduce the number
of group checks performed and may reduce LDAP overhead slightly.


--
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner


Re: ZCM and LDAP issues

Sorry, I forgot to provide the LINK:
http://www.novell.com/support/viewContent.do?externalId=7007948

This will not eliminate those queries, but help reduce the number of
queries some.


--
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner


Re: ZCM and LDAP issues

Thanks for the suggestion. I'll give it a try.

Alan

craig_wilson;2152803 wrote:
Sorry, I forgot to provide the LINK:
Decrease DLU Login Times and reduce LDAP overhead

This will not eliminate those queries, but help reduce the number of
queries some.
