
Authentication with Active Directory is slow in VMware vRealize LogInsight 3.0 when users belong to multiple nested groups (2138356)


When users belong to multiple nested Active Directory groups, you experience these symptoms:


VMware vRealize Log Insight 2.0 and later supports integration with Active Directory for authentication. By default, Log Insight retrieves direct group membership of users when applying authorization policies.

The configuration option <ad-nested-groups value="true" /> enables traversal of all nested groups.

When Log Insight is configured to traverse nested groups, it recursively retrieves information about every group in the tree that a user is eventually a member of, which may take multiple minutes in a large environment.


This is a known issue affecting VMware vRealize Log Insight 2.0, 2.5, and 3.0.

This issue is resolved in Log Insight 3.3 build 3571626, released 2016-03-01. New installations and upgrades will leverage LDAP_MATCHING_RULE_IN_CHAIN to query nested group membership. For more information, see the release notes.
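The difference between the two lookup strategies, as an added example that is not VMware's code: client-side recursion issues one search per user or group DN, while an LDAP_MATCHING_RULE_IN_CHAIN filter (OID 1.2.840.113556.1.4.1941) asks the domain controller to resolve the whole chain in a single search. The directory contents, DNs, and function names are constructed for illustration, and the exact filter Log Insight sends is an assumption.

```python
# Constructed sample directory: group DN -> direct members (user or group DNs).
BASE = "DC=example,DC=com"
DIRECTORY = {
    "CN=LI-Admins," + BASE: ["CN=Ops," + BASE],
    "CN=Ops," + BASE: ["CN=Tier2," + BASE],
    # Tier2 contains Ops again: a membership cycle the traversal must survive.
    "CN=Tier2," + BASE: ["CN=alice," + BASE, "CN=Ops," + BASE],
    "CN=HR," + BASE: ["CN=bob," + BASE],
}

IN_CHAIN_OID = "1.2.840.113556.1.4.1941"  # LDAP_MATCHING_RULE_IN_CHAIN


def escape_filter_value(value):
    """RFC 4515 escaping so a DN cannot change the structure of the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)


def in_chain_filter(user_dn):
    """Filter for one search that returns every group the user is in, nested or not."""
    return "(&(objectClass=group)(member:%s:=%s))" % (
        IN_CHAIN_OID, escape_filter_value(user_dn))


def recursive_groups(user_dn):
    """Client-side traversal: one (member=<dn>) search per DN visited.

    Returns (set of group DNs, number of searches issued).
    """
    found, pending, searches = set(), [user_dn], 0
    while pending:
        dn = pending.pop()
        searches += 1  # each DN costs one round trip to the directory
        for group, members in DIRECTORY.items():
            if dn in members and group not in found:  # 'found' breaks cycles
                found.add(group)
                pending.append(group)
    return found, searches


if __name__ == "__main__":
    alice = "CN=alice," + BASE
    groups, searches = recursive_groups(alice)
    print("recursive: %d searches -> %s" % (searches, sorted(groups)))
    print("in-chain : 1 search with filter %s" % in_chain_filter(alice))
```

The number of searches in the recursive case grows with the number of groups in the user's membership tree, which is the cost the article describes for large environments.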

To work around this issue:

  1. Create a new group for Log Insight users in Active Directory.
  2. Add the desired users as direct members of the newly created group.
  3. Disable nested group traversal by setting the configuration option <ad-nested-groups value="false" />.
For more information, see:

Additional Information

For more information on nested groups in Active Directory, see the Microsoft TechNet article cc776499.

Note: The preceding link was correct as of November 26, 2015. If you find the link is broken, provide feedback and a VMware employee will update the link.

Update History

03/01/2016 - Resolved in Log Insight 3.3
