--On Friday, March 19, 2021 1:39 PM +0000 "Ballem, Narayanan"
<Narayanan.Ballem(a)Staples.com> wrote:
HI ,
Thanks for your time and response.
Looks like I missed this email.
I don't see issue with AD here, Let me explain bit more
We have 2 (1 master , 1 slave) servers in each site and those are under
F5 LB with TCP enabled.
Under F5 setup
Primary site servers takes load around 3K Ldap clients
Secondary site servers take around 50K Ldap clients
The problem which I am seeing with primary site server directly by
passing F5 layer when we test with 5-10 clients it's working as expected
no issue with GID name fetching however when we enabled servers under F5
with all the clients we are seeing GID fetching issue. And we are not
offloaded any cert in F5 it just TCP so no issue with F5 here.
Similarly secondary site servers are working fine with F5 or directly
without any issue and Backend AD syncing is working fine in both the
sites.
Both the sites configuration are intact except systems are in different
locations.
The only difference I see is no of clients are high in primary site and
no errors in ldap server logs , I am not sure my ldap servers not able to
take more than 100 clients. I am guessing some tuning might required.
Are you sure the F5 isn't silently closing connections? This is a common
problem with F5's.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<
http://www.symas.com>