APM 9.x to APM 10.3
All LDAP groups seem to be queried to determine if a user has entitlements to log into CA APM Introscope Workstation / Webview clients. This broad/recursive search seems to be the method implemented by CA in order to provide a general-purpose solution for all LDAP's; unfortunately this search method is very inefficient due to the quantity and size of LDAP groups. If a user belongs to a nested group and if you want to disable nested group search then one can put in this property to do so to reduce LDAP query overhead.
The root cause for the slowness is that ATC is querying users groups, a single realm call (LDAP or EEM or EEM+LDAP) returns all groups where the user belongs directly and is not an issue.
However, the issue occurs for each of the user groups, it calls realms again to obtain parent groups of the group. Also it is done recursively for each group. So if a user is member of 200 groups, there is at least 200 calls to get parent group for each of them.