AD Referral causes slowness for UDS to AD communication

Document ID : KB000111843
Last Modified Date : 22/08/2018
Show Technical Document Details
Issue:
Footprints in arcotuds.log like shown below are indicative of referral chasing on the AD Directory server side leading to non-white listed IP addresses and inactive servers delaying the responses to the UDS.

2018-08-20 21:43:44,723 EDT : [http-nio-8080-exec-126] : DEBUG : ldap.impl.LDAPUserDAOImpl : Returning Attributes = 12
2018-08-20 21:43:44,723 EDT : [http-nio-8080-exec-126] : DEBUG : ldap.impl.LDAPUserDAOImpl : Search limit set to - 2147483647
2018-08-20 21:43:44,723 EDT : [http-nio-8080-exec-126] : DEBUG : ldap.impl.LDAPUserDAOImpl : Redirect Attribute 'null' & Redirect schema ''
2018-08-20 21:48:21,023 EDT : [http-nio-8080-exec-126] : DEBUG : ldap.impl.LDAPUserDAOImpl : Initial search returned '1' results ß---------------------------------------- Delay of 4 minutes 37 seconds for ldap / AD query to fetch the results
2018-08-20 21:48:21,023 EDT : [http-nio-8080-exec-126] : DEBUG : ldap.impl.LDAPUserDAOImpl : Processing Search Results returned of size '1'
 
 

 
Environment:
LDAP Organization  configured in CA Strong Authentication to point to an Acttive Directory server. 
Cause:
The underlying AD server is chasing referrals and some of the references are to inactive and non-white listed IP addresses and servers. 
Resolution:
Active Directory Admin should ensure that inactive servers and non-white listed IP addresses are removed from the referral list. 
Additional Information:
None.