Logon on Enterprise Management Console is delayed


Article ID: 7015


Products

CA Virtual Privilege Manager, CA Privileged Identity Management Endpoint (PIM), CA Privileged Access Manager (PAM)

Issue/Introduction

The customer added a new AD server and changed the AD server setting in ac-dir.xml from the old machine to the new machine.

After that change, login became slow: logging in through the ENTM console takes 50-65 seconds.

 

Cause

The customer defined many customized roles, and the member rule of each role lists many Active Directory groups:

 

<imsrule:MemberRule> 

  <Group name="CN=ADGROUP001,CN=Users,DC=testAD,DC=local"/> 

  <Group name="CN=ADGROUP002,CN=Users,DC=testAD,DC=local"/> 

  <Group name="CN=ADGROUP003,CN=Users,DC=testAD,DC=local"/> 

  ...

  <Group name="CN=ADGROUP098,.... 

</imsrule:MemberRule> 

 

When a user logs in to the ENTM server, PIM searches the roles to check which roles the user has.

This search takes a long time, so the login is delayed.

 

Environment

OS: Windows All

Prod: CA Privileged Identity Manager r12.8 CF2 for SAM or later

CDB: MS SQLServer or ORACLE

User Store: Active Directory

Resolution

Create a container group for each role's members.

For example:

 GGroup1

  + ADGROUP001

  + ADGROUP002

  + ADGROUP003

  ...

  + ADGROUP098

 

Then define the member rule as follows:

<imsrule:MemberRule> 

  <Group name="CN=GGroup1,CN=Users,DC=testAD,DC=local"/> 

</imsrule:MemberRule>
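
The following Python sketch is an added example, not part of the original article or the product's tooling: it reads a member rule in the shape shown above and plans the consolidation, returning the container group DN, the groups to nest in it, and the replacement rule. The namespace URI, the threshold of 10 groups and the function names are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

NS = "urn:example:imsrule"  # placeholder URI; the page does not show the real namespace
THRESHOLD = 10              # assumed cut-off for "many" groups; tune per environment

def groups_in_rule(fragment):
    """Return the Group DNs listed in one <imsrule:MemberRule> fragment."""
    # Bind the imsrule prefix in a wrapper so a bare fragment parses.
    root = ET.fromstring(f'<wrap xmlns:imsrule="{NS}">{fragment}</wrap>')
    rule = root.find(f"{{{NS}}}MemberRule")
    return [g.get("name") for g in rule.findall("Group")] if rule is not None else []

def parent_of(dn):
    """Everything after the first RDN, splitting only on unescaped commas."""
    return re.split(r"(?<!\\),", dn, maxsplit=1)[1]

def consolidate(fragment, container_cn, threshold=THRESHOLD):
    """Plan the change from the article: one container group replaces the list.

    Returns None when the rule is short enough to leave alone, otherwise the
    container DN, the groups to nest in it, and the replacement member rule.
    """
    members = groups_in_rule(fragment)
    if len(members) <= threshold:
        return None
    # The container is placed next to the first listed group (an assumption).
    container_dn = f"CN={container_cn},{parent_of(members[0])}"
    new_rule = ("<imsrule:MemberRule>\n"
                f"  <Group name={quoteattr(container_dn)}/>\n"
                "</imsrule:MemberRule>")
    return {"container_dn": container_dn, "nest": members, "rule": new_rule}

# Constructed sample in the shape shown above: 98 groups in one member rule.
SAMPLE = "<imsrule:MemberRule>\n" + "".join(
    f'  <Group name="CN=ADGROUP{i:03d},CN=Users,DC=testAD,DC=local"/>\n'
    for i in range(1, 99)) + "</imsrule:MemberRule>"

if __name__ == "__main__":
    plan = consolidate(SAMPLE, "GGroup1")
    print(plan["rule"])
    print(f'{len(plan["nest"])} groups to add as members of {plan["container_dn"]}')
```

Whoever can change the membership of the container group in AD now controls who receives the role, so review the `nest` list before applying it and protect the container group accordingly.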