The Search for an LDAP or AD Group Takes a Long Time Although There Are Few Groups

Publication Date:  2012-07-18 Views:  116 Downloads:  0
Issue Description

Although there are few groups on the LDAP server, the search for an LDAP group takes a long time.

Although there are few groups on the AD server, the search for an AD group takes a long time.

Alarm Information
None.
Handling Process
  • Cause one: The set range in the searching rule is too broad. As a result, a large number of repeated group names are returned by the LDAP server. The filtering implemented on the SVN3000 takes a long time.

     

    1. Log in to the Web-based NMS, and then click  in the Virtual Gateway List navigation tree to unfold the navigation node. Click External Group Configuration and the LDAP Group Management tab.
    2. Click the corresponding  of the group.
    3. Modify the searching rules. The searching conditions should be as specific as possible. In this manner, the time for group filtering can be reduced and the searching for unnecessary group information can be prevented.

     

  • Cause two: The main and backup LDAP servers are configured. The main LDAP server may fail to be connected, and thus query requests are sent to the backup LDAP server.

     

    1. Log in to the Web-based NMS, and then click System Maintenance in the System Management navigation tree. Click the Remote Test tab. The configuration page is displayed.
    2. Select Ping from the Network test drop-down list.
    3. Enter the IP address of the main LDAP server in IP address/Host name.
       NOTE:
      If you enter the host name for testing, you need to enter the name of the virtual gateway in Virtual gateway name of Advanced Parameter Options. Otherwise, the host name cannot be correctly resolved.
    4. Click Ping to check the network connection.
    If the main LDAP server cannot be pinged through, it indicates that there is no reachable route. Check whether the main LDAP server is normal. If the main LDAP server is restored to normal, the group search can be accelerated.
Root Cause
NOTE:
Since the cause and troubleshooting procedure for the time-consuming search for an AD group are similar to those for the time-consuming search for an LDAP group, the following takes LDAP as an example.

Cause one: The set range in the searching rule is too broad. As a result, a large number of repeated group names are returned by the LDAP server. The filtering implemented on the SVN3000 takes a long time.

Cause two: The main and backup LDAP servers are configured. The main LDAP server may fail to be connected, and thus query requests are sent to the backup LDAP server.

Suggestions
None.

END