When experiencing slow login times, the application server log shows a long gap like the 8-second gap between lines 4 and 5, below.

3-20 10:58:20,860 DEBUG ims.llsdk.dirandenvcache.moAttrCache - findManagedObjectAttr: Found mo definition key for [1] in cache.> 

1. ####<Mar 20, 2016 10:58:20 AM CDT> <1458489500860> <BEA-000000> <2016-03-20 10:58:20,860 DEBUG ims.llsdk.directory.jndi.searcher - FINDOBJECTS FILTER=(###delegators=uid=<userID>,ou=people,ou=internal,o=abc#%$*)> 

2. ####<Mar 20, 2016 10:58:20 AM CDT> <1458489500860> <BEA-000000> <2016-03-20 10:58:20,860 DEBUG ims.llsdk.directory.jndi.searcher - VirtualListView is enabled, min sort rules is 0, overriding and setting it to 1> 

3. ####<Mar 20, 2016 10:58:20 AM CDT> <1458489500860> <BEA-000000> <2016-03-20 10:58:20,860 DEBUG ims.llsdk.dirandenvcache.moAttrCache - findManagedObjectAttr: Found mo definition key for [1] in cache.> 

4. ####<Mar 20, 2016 10:58:20 AM CDT> <1458489500861> <BEA-000000> <2016-03-20 10:58:20,861 DEBUG ims.llsdk.directory.jndi - Using ldapContext.> 

5. ####<Mar 20, 2016 10:58:28 AM CDT> <1458489508924> <BEA-000000> <2016-03-20 10:58:28,924 DEBUG ims.plugins.pluginmgr.environment.extreme - Getting plugins for environment "<Identity_ENV>" and key "HomePageDefinition".> 

6. ####<Mar 20, 2016 10:58:28 AM CDT> <1458489508924> <BEA-000000> <2016-03-20 10:58:28,924 DEBUG ims.plugins.pluginmgr.environment.extreme - Found 2 environment-specific plugins for this key.> 

7. ####<Mar 20, 2016 10:58:28 AM CDT> <1458489508924> <BEA-000000> <2016-03-20 10:58:28,924 DEBUG ims.plugins.pluginmgr.environment.extreme - Found 0 global plugins for this.> 

8. ####<Mar 20, 2016 10:58:28 AM CDT> <1458489508928> <BEA-000000> <2016-03-20 10:58:28,928 DEBUG ims.llsdk.dirandenvcache.moCache - findManagedObject: Found directory key for [1] in cache.> 

9. ####<Mar 20, 2016 10:58:28 AM CDT> <1458489508928> <BEA-000000> <2016-03-20 10:58:28,928 DEBUG ims.llsdk.dirandenvcache.moCache - findManagedObject: Walking list of 3 managed object definitions, looking for one with type: USER> 

10. ####<Mar 20, 2016 10:58:28 AM CDT> <1458489508928> <BEA-000000> <2016-03-20 10:58:28,928 DEBUG ims.llsdk.dirandenvcache.moCache - findManagedObject: Found type match with oid 1> 

11. ####<Mar 20, 2016 10:58:28 AM CDT> <1458489508928> <BEA-000000> <2016-03-20 10:58:28,928 DEBUG ims.llsdk.dirandenvcache.moCache - findManagedObject: Assigning to return and breaking out of loop> 

12. ####<Mar 20, 2016 10:58:28 AM CDT> <1458489508928> <BEA-000000> <2016-03-20 10:58:28,928 DEBUG ims.llsdk.dirandenvcache.moAttrCache - findManagedObjectAttr: Found mo definition key for [1] in cache.> 

13. ####<Mar 20, 2016 10:58:28 AM CDT> <1458489508929> <BEA-000000> <2016-03-20 10:58:28,929 DEBUG ims.llsdk.directory.jndi.createUserQAHang - JNDIBase.getObject looking for a USER named uid=<userID>,ou=people,ou=internal,o=abc>

Note that the ldap search query for the above operation includes the physical attribute ###delegators which is mapped to the well-known, %DELEGATORS%, attribute in the directory.xml (not shown):

SRCH base="o=abc" scope=2 filter="(&(###delegators=uid=<userID>,ou=people,ou=internal,o=abc#%$*)(&(objectClass=person)(objectClass=organizationalPerson)(objectClass=inetOrgPerson)(objectClass=abcperson)))" attrs="entrydn ###delegators" 

The LDAP queries check on delegated work items against the Task Persistence Store regardless of whether there are delegated work items, and the call gets more expensive with more data in the userstore if the %DELEGATORS% physical attribute is not indexed.

Identity Manager 14.x

Verify whether the %DELEGATORS% physical attribute is indexed. If not, index the physical attribute that is mapped to the %DELEGATORS% directory.xml well-known.

To check the physical attribute for "%DELEGATORS%", export UserStore.xml file and search for "%DELEGATORS", from the OOTB environment we have the following lines:

<ImsManagedObjectAttr physicalname="imDelegators" description="Delegators" displayname="Delegators" valuetype="String" multivalued="true" wellknown="%DELEGATORS%" maxlength="0" hidden="true" system="true">
            <DataClassification name="ignore_on_copy"/>
</ImsManagedObjectAttr>

So, the physical attribute name for "%DELEGATORS%" is imDelegators

The next step is to check if this attribute is indexed or not.

You need to check the .DXI file of your UserStore.

From Virtual Appliance environment the file is "/opt/CA/Directory/dxserver/config/servers/vapp144-UserStore_userstore-01.dxi"

From "vapp144-UserStore_userstore-01.dxi" file, searching from "set cache-index" we can find the following lines:

#set cache-attrs = all-attributes;
#set cache-index = all-attributes;
set cache-index-all-except = imPasswordData, imPasswordQandA, imEncryptedShadowPassword,imJpeg00, imJpeg01, imJpeg02, imJpeg03, imJpeg04, imCertificate00, imCertificate01, imBinary00, imBinary01, jpegPhoto;
set lookup-cache = true;

In the lines above, the set cache-index is commented, but "set cache-index-all-except" there are no "imDelegators" so we can say the %DELEGATORS% is indexed

No changes are needed.

Further information about set cache-index-all-except you can find in the link below:

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/directory/14-1/reference/commands-reference/set-cache-index-all-except-command-specify-attributes-not-to-index.html