DX Platform - LDAP tenant authentication issues and limitations


Article ID: 203976


Updated On:

Products

DX Application Performance Management, DX Operational Intelligence, CA App Experience Analytics

Issue/Introduction

We have successfully created a Tenant with LDAP authentication; however, we found 2 issues:

Issue #1) Once connecting with LDAP, the tenant began downloading the entire tree of user objects.

Issue #2) It stopped displaying the users at about 500 (+/-) so we are unable to look up users in the interface or assign the appropriate roles/permissions. 

We have close to 100,000 or more user objects in our LDAP tree and the idea of replicating them in a tenant seems less than desirable.

 

Cause

Works as designed:

1) All users under the DN specified in the LDAP Base DN input are listed when you perform a search.
2) The DXI Users UI loads only up to 500 users; this limit is not configurable.

 

Environment

DX Platform 20.2
DX Operational Intelligence 20.x 
DX Application Performance Management 20.x 
DX AXA 20.x 

 

 

Resolution

1) It is highly recommended to use SAML authentication, as it has better group restrictions for users, since the IdP actually does all the restrictions.

2) Workarounds for AD:

a) Limit the users by setting the LDAP Base DN to a more specific DN.

b) Create a virtual subset of AD.
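
As an added illustration of workaround 2a (not Broadcom or DX Platform code), the following Python script counts how many user entries from a directory export fall under each candidate LDAP Base DN and whether that count stays within the 500-user UI limit. The example.com tree, the sample DNs and all function names are constructed assumptions; DN comparison is simplified to case-insensitive matching of whole RDNs, with backslash-escaped commas kept inside their RDN.

```python
# Added example with constructed data; not DX Platform code.
UI_USER_LIMIT = 500  # limit the article states for the DXI Users UI

def split_dn(dn):
    """Split a DN into lower-cased RDNs, keeping backslash-escaped commas intact."""
    rdns, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            rdns.append("".join(cur).strip().lower())
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur).strip().lower())
    return rdns

def is_under(dn, base_dn):
    """True when dn equals base_dn or lies in the subtree below it."""
    d, b = split_dn(dn), split_dn(base_dn)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def evaluate_base_dns(user_dns, candidates, limit=UI_USER_LIMIT):
    """Map each candidate Base DN to (users in scope, fits within the UI limit)."""
    report = {}
    for base in candidates:
        count = sum(1 for dn in user_dns if is_under(dn, base))
        report[base] = (count, count <= limit)
    return report

def sample_directory():
    """Constructed export: 1200 staff, 300 ops users, 40 DX admins."""
    dns = [f"CN=user{i},OU=Staff,DC=example,DC=com" for i in range(1200)]
    dns += [f"CN=ops{i},OU=Ops,OU=IT,DC=example,DC=com" for i in range(300)]
    dns += [f"CN=Admin\\, DX {i},OU=DXAdmins,OU=IT,DC=example,DC=com" for i in range(40)]
    return dns

if __name__ == "__main__":
    bases = ["DC=example,DC=com", "OU=IT,DC=example,DC=com",
             "OU=DXAdmins,OU=IT,DC=example,DC=com"]
    for base, (count, fits) in evaluate_base_dns(sample_directory(), bases).items():
        print(f"{base}: {count} users, {'fits' if fits else 'exceeds'} limit of {UI_USER_LIMIT}")
```

Run against a real export of user DNs, the same check shows which Base DN keeps every user who needs a role assignment visible in the UI while leaving the rest of the tree out of the tenant.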

 

Additional Information

DX AIOPs - Troubleshooting, Common Issues and Best Practices
https://knowledge.broadcom.com/external/article/190815