Login as an AD-user to ENTM Web UI takes a noticeable amount of time.

book

Article ID: 35748

calendar_today

Updated On:

Products

CA Privileged Access Manager - Server Control (PAMSC) CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

Logging into the Enterprise Management GUI with an Active Directory user store takes a long time.

 

 

 

 

Cause

This behavior can be caused by various reasons, including the following.
  1. The user belongs to a large number of nested AD user groups with many members.
  2. Active Directory is spreading over several trees.
  3. SSL is used to connect to AD and to ENTM's JBoss server.
  4. The user has been authorized to many privileged accounts in ENTM.

Resolution

  1. If possible, simplify group assignments in AD for the ENTM user so the user is member of a few groups with few members only.
  2. Change the connection port number to 3268 (LDAP) or 3269 (LDAPs/SSL) for AD connection. Now SAM will search for Global Catalog.
  3. Configure ENTM so the My Privileged Accounts page does not automatically search upon login.

Additional Information

Active Directory and Active Directory Domain Services Port Requirements:
https://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx

How to Change the Active Directory port for Privileged Identity Manager:
https://knowledge.broadcom.com/external/article?articleId=190536

How to disable auto-loading of My Privileged Accounts Tab:
https://knowledge.broadcom.com/external/article?articleId=66633