We have successfully created a Tenant with LDAP authentication; however, we found 2 issues:
Issue #1) Once connecting with LDAP, the tenant began downloading the entire tree of user objects.
Issue #2) It stopped displaying the users at about 500 (+/-) so we are unable to look up users in the interface or assign the appropriate roles/permissions.
We have close to 100,000 or more user objects in our LDAP tree and the idea of replicating them in a tenant seems less than desirable.
DX Platform 20.2
DX Operational Intelligence 20.x
DX Application Performance Management 20.x
DX AXA 20.x
Working as designed:
1) All users under the DN specified in the LDAP Base DN input are listed when you perform a search.
2) The DXI Users UI loads only up to 500 users; this limit is not configurable.
1) It is highly recommended to use SAML authentication, as it has better group restrictions for users, since the IdP actually does all the restrictions.
2) Workarounds for AD:
a) Limit the users by setting the LDAP Base DN to a more specific DN.
b) Create a virtual subset of AD,
DX AIOPs - Troubleshooting, Common Issues and Best Practices
https://knowledge.broadcom.com/external/article/190815
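
Workaround a) depends on finding a Base DN whose subtree stays within the 500-user limit of the Users UI. The following added example (not Broadcom code) takes a list of user DNs, such as an export from the directory, and reports the broadest containers that fit; the DNs, OU names and function names are constructed for illustration.

```python
from collections import Counter

UI_USER_LIMIT = 500  # cap on users the DXI Users UI loads, per this article

def split_dn(dn):
    """Split a DN into RDNs on unescaped commas."""
    parts, cur, esc = [], [], False
    for ch in dn:
        if ch == "," and not esc:
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        esc = (ch == "\\") and not esc  # a backslash escapes the next character
    parts.append("".join(cur).strip())
    return parts

def subtree_counts(user_dns):
    """Count user entries beneath every ancestor container."""
    counts = Counter()
    for dn in user_dns:
        rdns = split_dn(dn.lower())  # DN matching is case-insensitive
        for i in range(1, len(rdns)):  # i=0 is the user's own RDN
            counts[",".join(rdns[i:])] += 1
    return counts

def base_dns_within_limit(user_dns, limit=UI_USER_LIMIT):
    """Broadest containers whose whole subtree holds <= limit users."""
    counts = subtree_counts(user_dns)
    fits = {dn for dn, n in counts.items() if n <= limit}
    # Drop a container when its parent also fits: the parent is the broader choice.
    return sorted((dn, counts[dn]) for dn in fits
                  if ",".join(split_dn(dn)[1:]) not in fits)

def constructed_sample():
    """Constructed directory export: 620 user DNs, not real data."""
    base = "DC=example,DC=com"
    dns = [f"CN=eng{i},OU=Engineering,OU=Staff,{base}" for i in range(450)]
    dns += [f"CN=Doe\\, Sales{i},OU=Sales,OU=Staff,{base}" for i in range(150)]
    dns += [f"CN=svc{i},OU=Service Accounts,{base}" for i in range(20)]
    return dns

if __name__ == "__main__":
    for dn, n in base_dns_within_limit(constructed_sample()):
        print(f"{n:4d}  {dn}")
```

A container that exceeds the limit on its own needs either a deeper Base DN or the SAML route recommended above.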