Document ID: TEC1566066Last Modified Date: 6/6/2016Authored By: Yanna
Symptoms:
CA APM Webview client takes long time to login for LDAP users who belong to nested group in LDAP.
Environment:
CA APM 9.1.x to CA APM 10.2
Cause:
All LDAP groups seem to be queried to determine if a user has entitlements to log into CA APM Introscope Workstation / Webview clients. This broad/recursive search seems to be the method implemented by CA in order to provide a general-purpose solution for all LDAPs; unfortunately this search method is very inefficient due to the quantity and size of LDAP groups. if a user belongs to a nested group and if you wantto disable nested group search then one can put in this property to do so to reduce ldap query overhead.
Workaround:
Add the below property in the realms.xml file to disable Nested Group Search.
By default this property is optional and default value is false and by default the code searches for nested groups recursively. <!-- Optionally set to true to disable group searching which searches for nested groups. --> <!-- Default is false. --> <property name="disableNestedGroupSearch"> <value>true</value></property>
Note: Need to restart EM
Search the Entire CA APM Knowledge Base