API Gateway: Ldap search via policy manager timeout
Article ID: 115334
Updated On:
Products
STARTER PACK-7
CA Rapid App Security
CA API Gateway
Issue/Introduction
The CA API Gateway is facing slow LDAP authentication even when the ldap read timeouts are set to high value. The Ldapsearch without gateway works fast.The issue is also seen when logging into policy manager using ldap credentials.
The ldap search for users , groups or any particular user/group showed "Awaiting response from Gateway"
and logging into policy manager showed "Connection to Gateway has been broken"
The ldap search for users , groups or any particular user/group showed "Awaiting response from Gateway"
and logging into policy manager showed "Connection to Gateway has been broken"
Environment
CA API Gateway 10.0
Cluster of 2 however issue is seen in only one node.
Cause
The issue has been identified to be ldap referrals were turned on in ldap configuration.
Resolution
The ldap referrals can be turned off using
ldap.referral=ignore in cluster wide properties in CA API Gateway.
You can find more about all ldap related cluster wide properties here
https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-gateway/10-0/reference/gateway-cluster-properties/ldap-cluster-properties.html
Additional Information
Additionally also change the nesting level to 1 in ldap configuration if above solution doesn't work or open a case with Broadcom Support.
Feedback
Yes
No
Powered by
