users notice randomly a 15 seconds delay while authenticating to the NIDP server using kerberos authentication

• user authenticating to the NIDP server using the kerberos autjentication class / method / contract notice a random 15 seconds delay during the authentication process
• users never fail to authenticate
• the configured Active Directory server returns several LDAP referrals in response to the LDAP search request for the user currently authenticating
  

The DNS resolution for the LDAP servers returned in the LDAP referrals did not resolve to any IP address. Therefore the NIDP server runs into the configured LDAP timeout (default 15 seconds). Adding the required entries to the DNS server fixed the problem. As a temporary workaround the missing entries can be added to the "hosts" file