SSP:Unable to log in or experiencing long login delays to SSP after upgrading from 5.0 to 5.1 using an LDAP user.
search cancel

SSP:Unable to log in or experiencing long login delays to SSP after upgrading from 5.0 to 5.1 using an LDAP user.

book

Article ID: 421542

calendar_today

Updated On:

Products

VMware vDefend Firewall VMware vDefend Firewall with Advanced Threat Prevention

Issue/Introduction

  1. You upgraded to SSP 5.1.0 or installed SSP 5.1.0 and observe slow login times for LDAP user
  2. You upgraded to SSP 5.1.0 or installed SSP 5.1.0 and are unable to login with LDAP user after a long wait.

Environment

SSP 5.1.0

Cause

When an LDAP user logs in, the system performs a user lookup followed by a group membership search in Active Directory. As part of SSP 5.1, the group search was modified to use the recursive filter member:1.2.840.113556.1.4.1941 to support nested groups. This recursive filter significantly increases the search scope and query complexity, causing the group lookup to exceed 60 seconds in large or deeply nested AD environments. As a result, the LDAP authentication flow times out during the group search phase, leading to delayed or failed logins

Resolution

please contact Broadcom support for the resolution 

 

Additional Information

 Role binding for nested groups is not enabled by default. To activate this feature, please follow the specific configuration steps outlined in KB #428490  from SSP5.1.1 release 

Powered by Wolken Software