Dell EMC Unity: NAS server performs multiple LDAP queries every 5 minutes (User Correctable)
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
Each Unity NAS server runs an LDAP search, usually with a scope limit of one, on each attribute for each container configured in the ldap.conf at intervals of approximately 5 minutes.
Cause
This is working as designed.
A NAS server searches to make sure each attribute in each container is present on the LDAP server to confirm the configuration of the LDAP service is still valid and searches are functioning. With a scope of one the LDAP server will return one entry. This is part of normal operations on Unity.
Example containers:
nss_base_passwd cn=Domain Users,ou=Users Location,dc=mydomain,dc=com?one
nss_base_group cn=Domain Users,ou=Users Location,dc=mydomain,dc=com?one
nss_base_hosts cn=Computers,dc=mydomain,dc=com?one
nss_base_netgroup cn=netgroup,cn=mydomain,cn=DefaultMigrationContainer30,dc=mycomain,dc=com?one
The "one" at the end of each line is the scope of the search. If not specified, the default is one. Scope can have these possible values: base,one,sub
In triaged Service Data, files such as this:
\spX\cmd_outputs\nas\VDM_YY\_server_config_SVDM_A_-v_YY_ns_ldap_info_verbose_.txt
show the LDAP configuration as seen by the NAS server. X represents the SP and YY is the VDM number. The scope of the search is shown in brackets.
A NAS server searches to make sure each attribute in each container is present on the LDAP server to confirm the configuration of the LDAP service is still valid and searches are functioning. With a scope of one the LDAP server will return one entry. This is part of normal operations on Unity.
Example containers:
nss_base_passwd cn=Domain Users,ou=Users Location,dc=mydomain,dc=com?one
nss_base_group cn=Domain Users,ou=Users Location,dc=mydomain,dc=com?one
nss_base_hosts cn=Computers,dc=mydomain,dc=com?one
nss_base_netgroup cn=netgroup,cn=mydomain,cn=DefaultMigrationContainer30,dc=mycomain,dc=com?one
The "one" at the end of each line is the scope of the search. If not specified, the default is one. Scope can have these possible values: base,one,sub
In triaged Service Data, files such as this:
\spX\cmd_outputs\nas\VDM_YY\_server_config_SVDM_A_-v_YY_ns_ldap_info_verbose_.txt
show the LDAP configuration as seen by the NAS server. X represents the SP and YY is the VDM number. The scope of the search is shown in brackets.
Resolution
This is working as designed.
See this KB for information on LDAP configuration troubleshooting, ldap.conf file editing, and sample ldap.conf file:
488258 : Dell EMC Unity : File : LDAP configuration issues troubleshooting (DELL EMC Correctable) https://support.emc.com/kb/488258
See this KB for information on LDAP configuration troubleshooting, ldap.conf file editing, and sample ldap.conf file:
488258 : Dell EMC Unity : File : LDAP configuration issues troubleshooting (DELL EMC Correctable) https://support.emc.com/kb/488258
Additional Information
A sample _server_config_SVDM_A_-v_YY_ns_ldap_info_verbose_.txt file is shown below:
1555596523: LDAP: 6: LDAP domain: xxxxxxx.com
1555596523: LDAP: 6: State: Configured - Connected
1555596523: LDAP: 6: Schema: Active Directory
1555596523: LDAP: 6: Base dn: DC=xxxxxxx,DC=com
1555596523: LDAP: 6: Bind dn: CN=Unity,OU=DataCenter,DC=xxxxxxx,DC=com
1555596523: LDAP: 6: Auto-Discovery: DNS - TTL: 1200 s - Next refresh in 1002 s
1555596523: LDAP: 6: Configuration: File: ldap.conf - TTL: 1200 s - Next refresh in 1002 s
1555596523: LDAP: 6: LDAP server #0: 10.xx.xx.xx - Port: 389 - Active
1555596523: LDAP: 6: SSL: Not enabled
1555596523: LDAP: 6: Naming ctx: (baseDn is ticked)
1555596523: LDAP: 6: [x] DC=xxxxxxx,DC=com
1555596523: LDAP: 6: [ ] CN=Configuration,DC=xxxxxxx,DC=com
1555596523: LDAP: 6: [ ] CN=Schema,CN=Configuration,DC=xxxxxxx,DC=com
1555596523: LDAP: 6: [ ] DC=DomainDnsZones,DC=xxxxxxx,DC=com
1555596523: LDAP: 6: [ ] DC=ForestDnsZones,DC=xxxxxxx,DC=com
1555596523: LDAP: 6: Containers: (no [scope] means ignored, unless parent container with sub scope is valid)
1555596523: LDAP: 6: Passwd: Class: User - Attributes: uid, uidNumber, gidNumber, unixUserPassword, unixHomeDirectory
1555596523: LDAP: 6: [ ] CN=Computers,DC=xxxxxxx,DC=com
1555596523: LDAP: 6: [one] CN=Users,DC=xxxxxxx,DC=com - prefix=CN
1555596523: LDAP: 6: Group: Class: Group - Attributes: gidNumber, member
1555596523: LDAP: 6: member syntax is DN (Windows)
1555596523: LDAP: 6: [one] CN=Users,DC=xxxxxxx,DC=com - prefix=CN
1555596523: LDAP: 6: Hosts: Class: Computer - Attributes: ipHostNumber
1555596523: LDAP: 6: [one] CN=Computers,DC=xxxxxxx,DC=com - prefix=CN
1555596523: LDAP: 6: Netgroup: Class: nisNetgroup - Attributes: nisNetgroupTriple, memberNisNetgroup
1555596523: LDAP: 6: [one] cn=netgroup,cn=xxxxxxx,cn=DefaultMigrationContainer30,DC=xxxxxxx,DC=com
If an LDAP search fails, then Unity posts a warning alert "LDAP client settings on NAS server MMMMMMM are not valid within domain NNNNNNN.com."
The customer should verify that at least object (with attributes set) exist in each container. For instance, there should be a netgroup object with attributes nisNetgroupTriple and memberNisNetgroup in container cn=netgroup,cn=xxxxxxx,cn=DefaultMigrationContainer30,DC=xxxxxxx,DC=com.
1555596523: LDAP: 6: LDAP domain: xxxxxxx.com
1555596523: LDAP: 6: State: Configured - Connected
1555596523: LDAP: 6: Schema: Active Directory
1555596523: LDAP: 6: Base dn: DC=xxxxxxx,DC=com
1555596523: LDAP: 6: Bind dn: CN=Unity,OU=DataCenter,DC=xxxxxxx,DC=com
1555596523: LDAP: 6: Auto-Discovery: DNS - TTL: 1200 s - Next refresh in 1002 s
1555596523: LDAP: 6: Configuration: File: ldap.conf - TTL: 1200 s - Next refresh in 1002 s
1555596523: LDAP: 6: LDAP server #0: 10.xx.xx.xx - Port: 389 - Active
1555596523: LDAP: 6: SSL: Not enabled
1555596523: LDAP: 6: Naming ctx: (baseDn is ticked)
1555596523: LDAP: 6: [x] DC=xxxxxxx,DC=com
1555596523: LDAP: 6: [ ] CN=Configuration,DC=xxxxxxx,DC=com
1555596523: LDAP: 6: [ ] CN=Schema,CN=Configuration,DC=xxxxxxx,DC=com
1555596523: LDAP: 6: [ ] DC=DomainDnsZones,DC=xxxxxxx,DC=com
1555596523: LDAP: 6: [ ] DC=ForestDnsZones,DC=xxxxxxx,DC=com
1555596523: LDAP: 6: Containers: (no [scope] means ignored, unless parent container with sub scope is valid)
1555596523: LDAP: 6: Passwd: Class: User - Attributes: uid, uidNumber, gidNumber, unixUserPassword, unixHomeDirectory
1555596523: LDAP: 6: [ ] CN=Computers,DC=xxxxxxx,DC=com
1555596523: LDAP: 6: [one] CN=Users,DC=xxxxxxx,DC=com - prefix=CN
1555596523: LDAP: 6: Group: Class: Group - Attributes: gidNumber, member
1555596523: LDAP: 6: member syntax is DN (Windows)
1555596523: LDAP: 6: [one] CN=Users,DC=xxxxxxx,DC=com - prefix=CN
1555596523: LDAP: 6: Hosts: Class: Computer - Attributes: ipHostNumber
1555596523: LDAP: 6: [one] CN=Computers,DC=xxxxxxx,DC=com - prefix=CN
1555596523: LDAP: 6: Netgroup: Class: nisNetgroup - Attributes: nisNetgroupTriple, memberNisNetgroup
1555596523: LDAP: 6: [one] cn=netgroup,cn=xxxxxxx,cn=DefaultMigrationContainer30,DC=xxxxxxx,DC=com
If an LDAP search fails, then Unity posts a warning alert "LDAP client settings on NAS server MMMMMMM are not valid within domain NNNNNNN.com."
The customer should verify that at least object (with attributes set) exist in each container. For instance, there should be a netgroup object with attributes nisNetgroupTriple and memberNisNetgroup in container cn=netgroup,cn=xxxxxxx,cn=DefaultMigrationContainer30,DC=xxxxxxx,DC=com.
Affected Products
Dell EMC Unity FamilyProducts
Dell EMC Unity FamilyArticle Properties
Article Number: 000056953
Article Type: Solution
Last Modified: 11 Dec 2025
Version: 3
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.