https://live.paloaltonetworks.com/t5/general-topics/gp-issue-with-ldap-timeouts/m-p/341893#M85742 <P>Bind timeout - Time spent trying to connect to a server before marking it 'down'.&nbsp; Will try next in list</P><P>Search timeout&nbsp; - Time spent on a successful server attempting a search.&nbsp; Does not mark it down, just incomplete</P><P>Retry - Time to 'wait' before reconnecting to a 'down' server (from bind)</P><P>&nbsp;</P><P>&nbsp;</P><P>When the auth is failing, is it returning an 'auth failed' to the user, or just timing out?&nbsp; If auth failed, they need to enter their username/pw correctly (in format the DC likes)</P><P>&nbsp;</P><P>Would suggest (since you have two servers) lowing BIND to 10 seconds, leave search as is. For the retry interval - lower is good for a network 'blip'.&nbsp; Higher is better if you feel the outage will be &gt; 60 second (reboot of server).</P> Mon, 03 Aug 2020 19:59:15 GMT Chris_Johnston 2020-08-03T19:59:15Z https://live.paloaltonetworks.com/t5/general-topics/gp-issue-with-ldap-timeouts/m-p/340797#M85504 <P>Hello Folks ,</P><P>&nbsp;</P><P>We are having an issue with LDAP auth . We have two servers in LDAP profile</P><P>&nbsp;</P><P>10.1.1.4</P><P>10.1.1.26</P><P>&nbsp;</P><P>The timeout settings are</P><P>Bind timeout 30 seconds</P><P>Search timeout 30 seconds</P><P>Retry 60 seconds</P><P>&nbsp;</P><P>The GP timeout is 80 seconds</P><P>&nbsp;</P><P>The behaviour is quite random . Most of the time the auth fails to 10.1.1.4 but it never goes to next server</P><P>&nbsp;</P><P>but some times when elapsed timeout is around 35-40 seconds , it goes to second server</P><P>&nbsp;</P><P>What is the meaning of Search timeout ?</P><P>&nbsp;</P><P>Do i have to decrease the bind and search timeouts ?</P><P>&nbsp;</P><P>-Tom</P> Mon, 27 Jul 2020 08:34:36 GMT https://live.paloaltonetworks.com/t5/general-topics/gp-issue-with-ldap-timeouts/m-p/340797#M85504 FWPalolearner 2020-07-27T08:34:36Z https://live.paloaltonetworks.com/t5/general-topics/gp-issue-with-ldap-timeouts/m-p/341893#M85742 <P>Bind timeout - Time spent trying to connect to a server before marking it 'down'.&nbsp; Will try next in list</P><P>Search timeout&nbsp; - Time spent on a successful server attempting a search.&nbsp; Does not mark it down, just incomplete</P><P>Retry - Time to 'wait' before reconnecting to a 'down' server (from bind)</P><P>&nbsp;</P><P>&nbsp;</P><P>When the auth is failing, is it returning an 'auth failed' to the user, or just timing out?&nbsp; If auth failed, they need to enter their username/pw correctly (in format the DC likes)</P><P>&nbsp;</P><P>Would suggest (since you have two servers) lowing BIND to 10 seconds, leave search as is. For the retry interval - lower is good for a network 'blip'.&nbsp; Higher is better if you feel the outage will be &gt; 60 second (reboot of server).</P> Mon, 03 Aug 2020 19:59:15 GMT https://live.paloaltonetworks.com/t5/general-topics/gp-issue-with-ldap-timeouts/m-p/341893#M85742 Chris_Johnston 2020-08-03T19:59:15Z