(CSA) Support Tip: Use of uniqueMember with AD might lead to slow times to log in to MPP
We had an experience with Active Directory where login to MPP took a very long time (about 2 minutes). While the OU that is configured for access to the organization is very big (in terms of number of users), the actual reason turned out to be the presence of 'uniqueMember' in the attributes configured on the organization LDAP tab to be used to get group memebership from LDAP.
Orginially, the IDM's LDAP query to get the groups the user is a member of:
took a very long time.
When we removed 'uniqueMember' and kept just 'member', the query:
took a short time.
While this is still under review (in order to confirm the reason and adjust the documentation if needed), sharing this information with the audience still may be worthwile. Related ER can be found here: https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facetsearch/document/KM02858425.