
AD Referral causes slowness for UDS to AD communication


Article ID: 111843


Updated On:

Products

CA Rapid App Security, CA Advanced Authentication

Issue/Introduction

Entries in arcotuds.log like the ones shown below indicate referral chasing on the AD directory server side. The referrals lead to non-whitelisted IP addresses and inactive servers, which delays the responses to the UDS.

2018-08-20 21:43:44,723 EDT : [http-nio-8080-exec-126] : DEBUG : ldap.impl.LDAPUserDAOImpl : Returning Attributes = 12
2018-08-20 21:43:44,723 EDT : [http-nio-8080-exec-126] : DEBUG : ldap.impl.LDAPUserDAOImpl : Search limit set to - 2147483647
2018-08-20 21:43:44,723 EDT : [http-nio-8080-exec-126] : DEBUG : ldap.impl.LDAPUserDAOImpl : Redirect Attribute 'null' & Redirect schema ''
2018-08-20 21:48:21,023 EDT : [http-nio-8080-exec-126] : DEBUG : ldap.impl.LDAPUserDAOImpl : Initial search returned '1' results <---- Delay of 4 minutes 37 seconds for LDAP / AD query to fetch the results
2018-08-20 21:48:21,023 EDT : [http-nio-8080-exec-126] : DEBUG : ldap.impl.LDAPUserDAOImpl : Processing Search Results returned of size '1'
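
One way to scan arcotuds.log for this pattern, as an added example that is not part of the product or of the original article: it measures, per thread, the gap before each "Initial search returned" line logged by LDAPUserDAOImpl and reports gaps above a threshold. The function name and the 5-second threshold are assumptions, and the exec-7 lines in the sample are constructed.

```python
import re
from datetime import datetime

# Line layout taken from the arcotuds.log excerpt in this article.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) \S+ : \[([^\]]+)\] : "
    r"\w+ : (\S+) : (.*)$")

def find_slow_ldap_searches(lines, threshold_seconds=5.0):
    """Return (thread, start, end, seconds) for every LDAP search whose
    'Initial search returned' line arrives more than threshold_seconds
    (an assumed default) after the previous LDAPUserDAOImpl line on the
    same thread."""
    last_seen = {}  # thread name -> timestamp of its previous DAO line
    slow = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not m.group(3).endswith("LDAPUserDAOImpl"):
            continue  # skip other classes and unparseable lines
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
        thread, msg = m.group(2), m.group(4)
        if msg.startswith("Initial search returned") and thread in last_seen:
            gap = (ts - last_seen[thread]).total_seconds()
            if gap > threshold_seconds:
                slow.append((thread, last_seen[thread], ts, gap))
        last_seen[thread] = ts
    return slow

# The exec-126 lines come from the article's excerpt; the exec-7 lines are
# constructed to show a search that returns promptly on another thread.
SAMPLE_LOG = """\
2018-08-20 21:43:44,723 EDT : [http-nio-8080-exec-126] : DEBUG : ldap.impl.LDAPUserDAOImpl : Search limit set to - 2147483647
2018-08-20 21:43:44,723 EDT : [http-nio-8080-exec-126] : DEBUG : ldap.impl.LDAPUserDAOImpl : Redirect Attribute 'null' & Redirect schema ''
2018-08-20 21:44:10,100 EDT : [http-nio-8080-exec-7] : DEBUG : ldap.impl.LDAPUserDAOImpl : Redirect Attribute 'null' & Redirect schema ''
2018-08-20 21:44:10,350 EDT : [http-nio-8080-exec-7] : DEBUG : ldap.impl.LDAPUserDAOImpl : Initial search returned '1' results
2018-08-20 21:48:21,023 EDT : [http-nio-8080-exec-126] : DEBUG : ldap.impl.LDAPUserDAOImpl : Initial search returned '1' results
"""

if __name__ == "__main__":
    for thread, start, end, secs in find_slow_ldap_searches(SAMPLE_LOG.splitlines()):
        print(f"{thread}: LDAP search stalled {secs:.1f}s ({start} -> {end})")
```

Threads that show repeated stalls of similar length are the ones to correlate with the referral targets configured on the AD side.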
 
 

 

Cause

The underlying AD server is chasing referrals, and some of those referrals point to inactive servers and non-whitelisted IP addresses.

Environment

AuthMinder(Arcot WebFort)

Resolution

The Active Directory administrator should ensure that inactive servers and non-whitelisted IP addresses are removed from the referral list.

We also have a patch to disable referrals, which is now built into the product. For more information about setting it up, please reach out to support.