Advertisements

User having inconsistent login issues or user taking a long time to login or authenticate in OBIEE 11g

If you are using Active Directory for authentication for your OBIEE system, and are experiencing situations where some users are taking a long time to authenticate/login, then this post might be helpful.  This could also be useful for configuring LDAP systems other than Active Directory, but I cannot say for sure.

What could potentially be happening to users experiencing the problem is … they belong to Active Directory groups (or LDAP groups) with deep hierarchies, and the system has to traverse all those hierarchies to retrieve all their LDAP information which ends up taking quite a bit of time.  A possible solution is to limit the number of LDAP levels that will be searched/traversed to get the users Groups information.

Login to WebLogic Administration Console (aka WLS or Admin Console), then click on “Security Realms” on the left, and then click the name of the realm that you use for security (for example, “myrealm”).

WLS_SecurityRealm

Click the Providers tab.   And then click the name of your Active Directory provider.

WLS_SecurityProviders

Then select the Provider Specific tab.

ProviderSpecificSettings

Scroll down to the section titled “Groups”.

ProviderSpecific_Groups_parameters

Change the Group Membership Searching setting from unlimited to limited.

And then set Max Group Membership Search Level – change it from 0 (no limit) to 1 (or to the smallest number necessary for your environment).

This will prevent long searches for those users that are in many groups with deep hierarchies (such as groups within groups within groups and so on). This could cut the search time tremendously, thereby reducing the authentication time and preventing login timeouts.

Good luck!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: