When the directory data service cannot properly communicate with an LDAP server (for example, if the network link to the LDAP server is down or a data integrity problem is encountered), message processing and user authentication can be affected. The resulting behavior varies based on the directory data service function that is affected.
You may need to contact your system administrator for assistance, or you can attempt the following strategies through your directory data service configuration.
Use a network load balancer between the Symantec Messaging Gateway host(s) and the LDAP directory to distribute requests between replicas of the directory data.
This can improve performance and provide for failover if one of the servers becomes unavailable. If a load balancer cannot be employed, the directory data service rotates connections among multiple IP addresses assigned to an LDAP server hostname.
Ensure that your data source cache size and time-to-live values are appropriate for your deployment. If the directory data service cannot contact an LDAP server, a cached result can be used, even if the time-to-live (TTL) of that cached entry has expired.
To avoid message delivery impacts due to long network timeouts on requests to a faltering LDAP server host, the data source is marked as unavailable to the directory data service for a period of 300 seconds if 10 data source access errors are encountered over a period of 60 seconds. All requests are served from the cache during that time.
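The availability rule and expired-TTL fallback described above can be modeled as follows. This is an added example, not Symantec's code. Assumptions: the names `DataSourceModel`, `query` and `simulate`, the sliding-window reading of "over a period of 60 seconds", the `miss` result when nothing is cached, and the constructed LDAP stub and cache entry.

```python
from collections import deque

ERROR_THRESHOLD, ERROR_WINDOW, COOLDOWN = 10, 60, 300  # values from the article

class DataSourceModel:
    """Toy model of the availability rule; not the product's implementation."""

    def __init__(self, ttl, lookup):
        self.ttl = ttl                # cache time-to-live in seconds
        self.lookup = lookup          # callable(key); raises ConnectionError on failure
        self.cache = {}               # key -> (value, time stored)
        self.errors = deque()         # timestamps of recent access errors
        self.unavailable_until = 0.0  # source is skipped until this time

    def query(self, key, now):
        """Return (value, source): 'ldap', 'cache', 'stale-cache' or 'miss'."""
        entry = self.cache.get(key)
        if entry and now - entry[1] < self.ttl:
            return entry[0], "cache"              # fresh entry, no LDAP request
        if now >= self.unavailable_until:         # source not marked unavailable
            try:
                value = self.lookup(key)
                self.cache[key] = (value, now)
                return value, "ldap"
            except ConnectionError:
                self._record_error(now)
        if entry:
            return entry[0], "stale-cache"        # expired TTL, still served
        return None, "miss"                       # assumption: caller decides

    def _record_error(self, now):
        self.errors.append(now)
        while now - self.errors[0] > ERROR_WINDOW:  # drop errors outside the window
            self.errors.popleft()
        if len(self.errors) >= ERROR_THRESHOLD:
            self.unavailable_until = now + COOLDOWN
            self.errors.clear()

def simulate(step=1.0, queries=15):
    """Query an unreachable (constructed) LDAP stub every `step` seconds."""
    attempts = []
    def down(key):                    # constructed stub: host is unreachable
        attempts.append(key)
        raise ConnectionError("LDAP server unreachable")
    ds = DataSourceModel(ttl=30, lookup=down)
    ds.cache["alice"] = ("cn=alice,dc=example,dc=com", 0.0)  # constructed entry
    sources = [ds.query("alice", 100.0 + i * step)[1] for i in range(queries)]
    return sources, len(attempts), ds.unavailable_until
```

With one query per second, the model stops contacting the stub after the tenth error and answers the remaining queries from the expired entry. With queries seven seconds apart, at most nine errors fall inside any 60-second window, so the source is never marked unavailable.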
Imported Document ID: HOWTO53849