ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

LDAP Import hangs on user with large number of groups

book

Article ID: 238837

calendar_today

Updated On:

Products

CA Service Desk Manager

Issue/Introduction

After upgrading from 17.2.16 to 17.3.12 we have a problem with LDAP import.

When running pdm_ldap_import the process hangs after some time. There are no errors in any logs.

 

Environment

Release : 17.3

Component : SDM - Other

Resolution

Unfortunately, the crash/hang happens in a Microsoft API that we have to use to communicate with LDAP server. We reached out to Microsoft but they were not able to provide any workaround or solution, hence there is nothing we can do about it. The only option we have is to  build a hierarchy of groups with inheritance, so that the user doesn't have as many explicit groups, or disable the inclusion of group information.

Unfortunately there is nothing else we can really do; moving back to the old API that the earlier release used would break compatibility with current AD versions.