After enabling LDAP the primary hub is unstable and it goes down

Article ID: 280605


Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

The LDAP integration causes the hub to restart in a loop, at intervals ranging from every 20 minutes up to every 2 days. LDAP was configured recently, and when it is deactivated the issue does not occur.

The hub.log is flooded with these messages (hundreds every minute):

Oct 31 23:28:59:999 [8900] 0 hub: login [LDAP] - (logon_user) 0 user found for (&(objectClass=person)(|(userPrincipalName=<user>@<domain>.com)(sAMAccountName=<user>@<domain>.com))), do not know which to use.
Oct 31 23:28:59:999 [8900] 0 hub: Login: failed for <user>@<domain>.com , ip = ##.###.##.##

Environment

DX UIM 20.4.* / 23.4

Cause

If an external integration with UIM (a REST UIMAPI user) continuously tries to log in to the primary hub hundreds of times per minute, it can overload the primary hub, because the hub tries to connect to the LDAP server on every single call.
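To find which account and source address are generating the login flood, the failed-login lines in hub.log can be counted per minute. The following is an added example, not Broadcom code: it parses the log format shown above, and the account names, IP addresses and the threshold of 100 per minute are constructed assumptions.

```python
import re
from collections import Counter

# Matches the "Login: failed" line format shown in the hub.log excerpt above;
# the timestamp is truncated to the minute (Mon DD HH:MM).
FAILED_LOGIN = re.compile(
    r"^(?P<minute>\w{3}\s+\d{1,2} \d{2}:\d{2}):\d{2}:\d{3} \[\d+\] \d+ hub: "
    r"Login: failed for (?P<user>\S+)\s*, ip = (?P<ip>\S+)"
)

def failed_logins_per_minute(lines):
    """Count failed logins per (minute, user, ip); other hub.log lines are ignored."""
    counts = Counter()
    for line in lines:
        m = FAILED_LOGIN.match(line.strip())
        if m:
            counts[(m["minute"], m["user"], m["ip"])] += 1
    return counts

def noisy_clients(lines, threshold=100):
    """Map (user, ip) to its busiest minute, for clients at or above threshold.

    threshold is an assumed cut-off, based on "hundreds every minute".
    """
    peaks = {}
    for (_, user, ip), n in failed_logins_per_minute(lines).items():
        if n >= threshold:
            peaks[(user, ip)] = max(n, peaks.get((user, ip), 0))
    return peaks

def build_sample():
    """Constructed sample log: one looping REST account and one ordinary mistyped login."""
    lines = []
    for i in range(240):
        ts = f"Oct 31 23:28:{i % 60:02d}:{i:03d}"
        lines.append(f"{ts} [8900] 0 hub: login [LDAP] - (logon_user) 0 user found for "
                     "(&(objectClass=person)(sAMAccountName=svc_rest@example.com)), do not know which to use.")
        lines.append(f"{ts} [8900] 0 hub: Login: failed for svc_rest@example.com , ip = 192.0.2.10")
    for sec in (5, 40):
        lines.append(f"Oct 31 23:29:{sec:02d}:000 [8900] 0 hub: Login: failed for alice@example.com , ip = 192.0.2.55")
    return lines

if __name__ == "__main__":
    for (user, ip), peak in noisy_clients(build_sample()).items():
        print(f"{user} from {ip}: {peak} failed logins in one minute")
```

To run it against a real log, pass the open hub.log file object to `noisy_clients()` in place of `build_sample()`.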

Resolution

If a REST user is logging in continuously to the primary hub, it may cause stress on a primary hub that is LDAP connected.

To avoid this issue, implement a proxy hub. The secondary hub actually connects to and queries the LDAP server, while the primary hub is instructed to use that secondary hub as a proxy hub.

 

Enable Login with LDAP (broadcom.com)

 

•  On the secondary hub, configure LDAP as is normally done for the primary hub and test that it is working.

•  On the primary hub, change from Direct LDAP to Nimsoft Proxy Hub, indicating the IP of the secondary hub.

This way you relieve the stress on the primary hub while the secondary hub is in charge of querying the remote AD server.