Community in read only mode June 18 & 19
This community will be set in READ ONLY mode for a while on Tuesday June 18 into Wednesday June 19 while we import content and users from our Micro Focus Forums community site. MORE INFORMATION
Highlighted
igort Trusted Contributor.
Trusted Contributor.
175 views

(CSA) Support Tip: Use of uniqueMember with AD might lead to slow times to log in to MPP

We had an experience with Active Directory where login to MPP took a very long time (about 2 minutes). While the OU that is configured for access to the organization is very big (in terms of number of users), the actual reason turned out to be the presence of 'uniqueMember' in the attributes configured on the organization LDAP tab to be used to get group memebership from LDAP.

Orginially, the IDM's LDAP query to get the groups the user is a member of:


(&(|(objectClass=groupOfNames)(objectClass=groupOfUniqueNames)(objectClass=group))(|(member=user_details)(uniqueMember=user_details)))

took a very long time.

When we removed 'uniqueMember' and kept just 'member', the query:

(&(|(objectClass=groupOfNames)(objectClass=groupOfUniqueNames)(objectClass=group))(member=user_details))

took a short time.

While this is still under review (in order to confirm the reason and adjust the documentation if needed), sharing this information with the audience still may be worthwile. Related ER can be found here: https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facetsearch/document/KM02858425.

Labels (1)
Tags (1)
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.