Logon to the Enterprise Management Console is delayed

Document ID : KB000007015
Last Modified Date : 14/02/2018
Issue:

The customer added a new AD server.

They then changed the AD server setting in ac-dir.xml from the old machine to the new machine.

After that change, logins became slow: logging in via the ENTM console takes 50-65 seconds.

 

Environment:
OS: Windows All
Prod: CA Privileged Identity Manager r12.8 CF2 for SAM or later
CDB: MS SQLServer or ORACLE
User Store: Active Directory
Cause:

The customer defined many customized roles, and the member rule of each role lists many Active Directory groups, as follows:

 

<imsrule:MemberRule> 

  <Group name="CN=ADGROUP001,CN=Users,DC=testAD,DC=local"/> 

  <Group name="CN=ADGROUP002,CN=Users,DC=testAD,DC=local"/> 

  <Group name="CN=ADGROUP003,CN=Users,DC=testAD,DC=local"/> 

  ...

  <Group name="CN=ADGROUP098,.... 

</imsrule:MemberRule> 

 

When a user logs in to the ENTM server, PIM searches the roles and checks which roles the user has.

This search takes a long time, so the login is delayed.

 

Resolution:

Create a container group for each role's members.

For example:

 GGroup1

  + ADGROUP001

  + ADGROUP002

  + ADGROUP003

  ...

  + ADGROUP098

 

Then define the member rule as follows:

<imsrule:MemberRule> 

  <Group name="CN=GGroup1,CN=Users,DC=testAD,DC=local"/> 

</imsrule:MemberRule>
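
One way to carry out the resolution above with the ActiveDirectory PowerShell module, shown as an added example that is not part of the original article or CA's own tooling. It reads the group DNs from a copy of the old member rule, nests them in GGroup1, and confirms that the accounts granted the role are unchanged. The file path is hypothetical, and the script assumes the existing groups are global security groups in one domain.

```powershell
# Added example. Assumptions: RSAT ActiveDirectory module is installed, the existing
# groups are global security groups in one domain, and $RuleFile (hypothetical) holds
# a copy of the old <imsrule:MemberRule> block.
Import-Module ActiveDirectory
$ErrorActionPreference = 'Stop'

$RuleFile      = '.\old-memberrule.xml'        # hypothetical path
$ContainerName = 'GGroup1'
$ContainerPath = 'CN=Users,DC=testAD,DC=local'
$ContainerDn   = "CN=$ContainerName,$ContainerPath"

# Extract every group DN from the old rule. A regex is used because the copied
# fragment carries no declaration for the imsrule namespace prefix.
$groupDns = Select-String -Path $RuleFile -Pattern '<Group\s+name="([^"]+)"' -AllMatches |
    ForEach-Object { $_.Matches } |
    ForEach-Object { $_.Groups[1].Value } |
    Sort-Object -Unique

# Resolve each DN first; an unresolvable group aborts the run before anything changes.
$groups = @(foreach ($dn in $groupDns) { Get-ADGroup -Identity $dn })

# Record who is granted the role today (leaf members of all listed groups).
$before = @($groups | ForEach-Object { Get-ADGroupMember -Identity $_ -Recursive } |
    Select-Object -ExpandProperty DistinguishedName | Sort-Object -Unique)

# Create the container group if it is missing, then nest groups not already in it.
if (-not (Get-ADGroup -Filter "Name -eq '$ContainerName'" -SearchBase $ContainerPath)) {
    New-ADGroup -Name $ContainerName -SamAccountName $ContainerName `
        -GroupScope Global -GroupCategory Security -Path $ContainerPath
}
$nested = @(Get-ADGroupMember -Identity $ContainerDn |
    Select-Object -ExpandProperty DistinguishedName)
$toAdd  = @($groups | Where-Object { $nested -notcontains $_.DistinguishedName })
if ($toAdd.Count -gt 0) { Add-ADGroupMember -Identity $ContainerDn -Members $toAdd }

# The container must grant the role to exactly the same accounts as the old rule.
$after = @(Get-ADGroupMember -Identity $ContainerDn -Recursive |
    Select-Object -ExpandProperty DistinguishedName | Sort-Object -Unique)
if (($before -join "`n") -ne ($after -join "`n")) {
    throw "Effective membership changed: review $ContainerDn before editing the role."
}

# Replacement member rule to paste into the role definition.
@"
<imsrule:MemberRule>
  <Group name="$ContainerDn"/>
</imsrule:MemberRule>
"@
```

After the change, anyone who can modify the membership of GGroup1 can grant the role, so restrict write access to the container group and audit changes to it as you would for the role definition itself.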