ldap search via ca api gateway policy manager timeout

Document ID : KB000115334
Last Modified Date : 05/10/2018
Show Technical Document Details
Issue:
The CA API Gateway is facing  slow LDAP authentication even when the ldap read timeouts are set to high value. The Ldapsearch without gateway works fast.The issue is also seen when logging into policy manager using ldap credentials.

The ldap search for users , groups or any particular user/group showed "Awaiting response from Gateway"
and logging into policy manager showed "Connection to Gateway has been broken"
 
Environment:
CA API Gateway 9.3
Cluster of 2 however issue is seen in only one node.
Cause:
The issue has been identified to be ldap referrals were turned on in ldap configuration.
 
Resolution:
The ldap referrals can be turned off using
ldap.referral=ignore in cluster wide properties in CA API Gateway

You can find more about all ldap related cluster wide properties  here
https://docops.ca.com/ca-api-gateway/9-3/en/reference/gateway-cluster-properties/ldap-cluster-properties/
Additional Information:
Additionally also change the nesting level to 1 in ldap configuration if above solution doesn't work or open a case with CA Support.