LDAP users experience slow NSX-T UI logins
search cancel

LDAP users experience slow NSX-T UI logins


Article ID: 326174


Updated On:


VMware NSX Networking


  • All NSX-T versions.
  • NSX-T uses LDAP directly integrated for RBAC role assignment.
  • Users that are part of a large number of AD groups, either directly or through nesting experience slow UI login.
  • User may be able to login┬ábut is logged out automatically after a few minutes


VMware NSX-T Data Center


Even though a user may be a direct member of a small number of AD groups, this may explode out to a large number with AD group nesting.
As part of the login process, NSX-T does a full recursive lookup of nested groups. This is expensive from a timing perspective and results in a delayed login.


This is a known issue affecting NSX-T Data Center.

To avoid slow login issues due to AD nesting, VMware recommends the following configuration limits:
  • Maximum group nesting depth: 3.
  • Maximum number of groups a user belongs to (including nested groups): 50.
Alternatively use vIDM as an Identity Source for NSX-T.