Login as an AD-user to ENTM Web UI takes a noticeable amount of time.

Article ID: 35748

Products

CA Privileged Access Manager - Server Control (PAMSC)
CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

Logging into the Enterprise Management GUI with an Active Directory user store takes a long time.

Environment

All ENTM / PAMSC versions published as of October 2023 that use Active Directory integration as the user store.

Cause

This behavior can have several causes, including the following.
  1. The user belongs to a large number of nested AD user groups with many members.
  2. Active Directory spans several trees.
  3. SSL is used to connect to AD and to ENTM's JBoss server.
  4. The user has been authorized to many privileged accounts in ENTM.

Resolution

  1. If possible, simplify the group assignments in AD for the ENTM user so that the user is a member of only a few groups, each with few members.
  2. Change the port number of the AD connection to 3268 (LDAP) or 3269 (LDAPS/SSL). SAM will then search the Global Catalog.
  3. Configure ENTM so the My Privileged Accounts page does not automatically search upon login.
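
To see which users fall under cause 1, and to check the effect of resolution step 1, the nested group expansion for a user can be measured offline from an LDIF export of the AD group objects. This is an added example, not Broadcom or product code; the function names `parse_groups` and `nested_membership` and the sample DNs are constructed for illustration, and the member-value count is only a rough proxy for lookup cost.

```python
import base64

# Constructed sample export (dn/member lines of group objects); not real directory data.
SAMPLE_LDIF = """\
dn: CN=PAM-Admins,OU=Groups,DC=example,DC=test
member: CN=alice,OU=Users,DC=example,DC=test

dn: CN=Server-Ops,OU=Groups,DC=example,DC=test
member: CN=PAM-Admins,OU=Groups,DC=example,DC=test
member: CN=carol,OU=Users,DC=example,DC=test

dn: CN=All-IT,OU=Groups,DC=example,DC=test
member: CN=Server-Ops,OU=Groups,DC=example,DC=test
member: CN=All-IT-Legacy,OU=Groups,DC=example,DC=test

dn: CN=All-IT-Legacy,OU=Groups,DC=example,DC=test
member: CN=All-IT,OU=Groups,DC=example,DC=test
"""

def parse_groups(ldif):
    """Return {group_dn: set(member_dn)}, DNs lower-cased (AD compares them case-insensitively)."""
    text = ldif.replace("\r\n", "\n").replace("\n ", "")  # unfold LDIF continuation lines
    groups, current = {}, None
    for line in text.split("\n"):
        attr, sep, value = line.partition(":")
        if value.startswith(":"):          # "attr:: <base64>" form used for non-ASCII values
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        value = value.strip().lower()
        if attr.lower() == "dn":
            current = value
            groups.setdefault(current, set())  # keep groups that have no members
        elif attr.lower() == "member" and current:
            groups[current].add(value)
        elif not sep:                      # blank line ends the current entry
            current = None
    return groups

def nested_membership(groups, user_dn):
    """Return (groups the user is in directly or via nesting, member values in those groups)."""
    seen, stack = set(), [user_dn.lower()]
    while stack:
        node = stack.pop()
        for group, members in groups.items():
            if node in members and group not in seen:  # 'seen' also stops circular nesting
                seen.add(group)
                stack.append(group)
    return seen, sum(len(groups[g]) for g in seen)

if __name__ == "__main__":
    print(nested_membership(parse_groups(SAMPLE_LDIF), "CN=alice,OU=Users,DC=example,DC=test"))
```

Running it against an export taken before and after the group cleanup shows whether the number of nested groups and member values for the ENTM user actually dropped.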

Additional Information

Active Directory and Active Directory Domain Services Port Requirements:
https://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx

How to Change the Active Directory port for Privileged Identity Manager:
https://knowledge.broadcom.com/external/article?articleId=190536

How to disable auto-loading of My Privileged Accounts Tab:
https://knowledge.broadcom.com/external/article?articleId=66633