Directory Sync in VMware Identity Manager Taking Excessive Time Due to High Object Count(Users and Directories)
Article ID: 379268
Updated On:
Products
Issue/Introduction
The directory sync process in VMware Identity Manager (vIDM) is running much longer than expected, with sync durations exceeding 50 minutes or more. The issue seems to be due to the large number of objects being synchronized (~100000+ users and Directories) and possible memory leaks. Although the sync completes successfully without errors, the prolonged runtime is impacting system performance. To understand the directory sync you can refer the follow logs path:/opt/vmware/horizon/workspace/logs/connector-dir-sync.log
Environment
VMware Identity Manager 3.3.x
Cause
The excessive runtime of the directory sync is primarily caused by:
High Object Count: The large number of users and Directories being synced (~100000+ objects) increases the time needed to fetch, process, and sync the directory information.
Potential Memory Leaks: Memory leak issues may be exacerbating the problem by affecting resource allocation and leading to inefficiencies in the sync process.
Resolution
To address the slow directory sync, the following steps are recommended:
Limit Sync Scope:
Use LDAP filters to reduce the number of synced objects by excluding unnecessary users/Directories.
Reference:Directory Sync
Increase Resource Allocation:
Increase the CPU, memory, and other relevant resources for the VMware Identity Manager node to handle the large directory sync more efficiently.
Ensure that the infrastructure hosting the vIDM service is properly scaled to manage high-volume directory syncs. VMware’s sizing recommendations should be reviewed to align resource provisioning with sync needs.
vIDM sizing guidelines
Feedback
