I have a Linux system that is using Active Directory (2012) for LDAP lookups of users and groups. It's in a network that is connected to our main site by VPN.
When the VPN goes down, all LDAP queries start failing. By running ss in a loop while removing this connection, I was able to see that the Linux host is trying to make connections to AD servers that are not specified anywhere in ldap.conf.
Does anyone know what would be causing this to happen, and how it can be prevented?
https://technet.microsoft.com/en-us/library/Cc755809(v=WS.10).aspx#w2k3tr_adsrh_how_lhjt
Scroll down to LDAP Referrals
"When a requested object exists in the directory but is not present on the contacted domain controller, resolution of the object name depends on information that is stored on that domain controller about how the directory is partitioned. In a partitioned directory, by definition, the entire directory is not always available on any one domain controller."
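As an added example that is not from the question or the answer above: a small Python audit that parses the client's ldap.conf (URI/HOST entries plus the REFERRALS setting, which OpenLDAP's ldap.conf(5) defaults to on) and compares it with `ss -tn` output, listing peers on LDAP ports that no configured server accounts for. The ldap.conf text, the ss rows and the name-to-IP map `resolve` are constructed for the example; in practice the map comes from DNS.

```python
from urllib.parse import urlsplit

LDAP_PORTS = {389, 636, 3268, 3269}   # LDAP, LDAPS, global catalog, GC over TLS

def parse_ldap_conf(text):
    """Return (server names from URI/HOST lines, REFERRALS value; default 'on')."""
    names, referrals = set(), "on"
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].upper(), parts[1].strip()
        if key == "URI":
            names.update(urlsplit(u).hostname.lower() for u in value.split())
        elif key == "HOST":
            names.update(h.lower() for h in value.split())
        elif key == "REFERRALS":   # 'on' means referrals AD hands back are chased
            referrals = value.lower()
    return names, referrals

def ldap_peers(ss_output):
    """Yield (peer_ip, port, state) for each `ss -tn` row on an LDAP port."""
    for row in ss_output.splitlines():
        fields = row.split()
        if len(fields) < 5:
            continue
        addr, _, port = fields[4].rpartition(":")   # "Peer Address:Port" column
        if port.isdigit() and int(port) in LDAP_PORTS:
            yield addr.strip("[]"), int(port), fields[0]

def unexpected_ldap_peers(ldap_conf, ss_output, resolve):
    """Peers on LDAP ports that no URI/HOST entry (resolved via `resolve`) covers."""
    names, referrals = parse_ldap_conf(ldap_conf)
    allowed = {resolve.get(n, n) for n in names}
    stray = sorted(p for p in set(ldap_peers(ss_output)) if p[0] not in allowed)
    return {"referrals": referrals, "unexpected": stray}

# Constructed sample: one DC by name, one by IP, ss rows with a third, unlisted server
LDAP_CONF = """\
BASE  dc=corp,dc=example
URI   ldap://dc1.corp.example ldap://10.10.0.6
"""
SS_OUTPUT = """\
State    Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB    0      0      10.20.0.15:45210    10.10.0.5:389
ESTAB    0      0      10.20.0.15:45211    10.10.0.6:389
SYN-SENT 0      1      10.20.0.15:45230    10.10.0.9:3268
ESTAB    0      0      10.20.0.15:51000    10.20.0.2:22
"""
RESOLVE = {"dc1.corp.example": "10.10.0.5"}   # constructed DNS answer
```

Running `unexpected_ldap_peers(LDAP_CONF, SS_OUTPUT, RESOLVE)` on the sample reports REFERRALS still on and the half-open connection to 10.10.0.9:3268, the kind of peer the question's ss loop turned up.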