LDAP users experience slow NSX-T UI logins
Article ID: 326174
Updated On:
Products
VMware NSX Networking
Issue/Introduction
Symptoms:
- All NSX-T versions.
- NSX-T uses LDAP directly integrated for RBAC role assignment.
- Users that are part of a large number of AD groups, either directly or through nesting experience slow UI login.
- User may be able to login but is logged out automatically after a few minutes
Environment
VMware NSX-T Data Center
Cause
Even though a user may be a direct member of a small number of AD groups, this may explode out to a large number with AD group nesting.
As part of the login process, NSX-T does a full recursive lookup of nested groups. This is expensive from a timing perspective and results in a delayed login.
As part of the login process, NSX-T does a full recursive lookup of nested groups. This is expensive from a timing perspective and results in a delayed login.
Resolution
This is a known issue affecting NSX-T Data Center.
Workaround:
To avoid slow login issues due to AD nesting, VMware recommends the following configuration limits:
Workaround:
To avoid slow login issues due to AD nesting, VMware recommends the following configuration limits:
- Maximum group nesting depth: 3.
- Maximum number of groups a user belongs to (including nested groups): 50.
Feedback
Yes
No
Powered by
