Login to WebSphere Portal can be very slow with Sun ONE LDAP, particularly when the user belongs to a group that has thousands of users or more and the LDAP server does not give you the capability to evaluate group memberships directly from the user object (nsRole:nsRole for SunONE directory, if groups are created with Role inside SunONE). In this case, group membership searches are performed by locating the user on the member list of groups, and for some reason the search takes a long time even though attributes such as uid or even uniqueMember are indexed. To fix the problem, ask your LDAP administrator to do the following in the LDAP instance:
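1. Create a file ldaptune.txt with the following:

dn: cn=config,cn=ldbm database,cn=plugins,cn=config
changetype: modify
replace: nsslapd-search-tune
nsslapd-search-tune: 49

2. Apply it by running the command below. The file is an LDIF modify operation, so it is applied with ldapmodify; substitute your own values for the <host>, <port> and <password> placeholders:

ldapmodify -h <host> -p <port> -D "cn=directory manager" -w <password> -f ldaptune.txt

3. Restart the LDAP instance.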
At this point, redo your search test. The search result time should be shorter. If you are still running into problems, double-check whether the parameter is set properly or contact Sun Support.
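One way to do the double check mentioned above, as an added example that is not part of the original post: read the config entry back and compare the stored value with 49. The function names and the sample LDIF are constructed for illustration; the ldapsearch call in the comment uses the same placeholders as step 2.

```shell
#!/bin/sh
# Added example: confirm nsslapd-search-tune from LDIF on stdin.
# Live input would come from a base-scope read of the config entry:
#   ldapsearch -h <host> -p <port> -D "cn=directory manager" -w <password> \
#     -b "cn=config,cn=ldbm database,cn=plugins,cn=config" -s base \
#     "(objectclass=*)" nsslapd-search-tune
CONFIG_DN='cn=config,cn=ldbm database,cn=plugins,cn=config'

# Print the value stored on the ldbm config entry (nothing if absent).
# Base64-encoded values ("attr:: ...") are not decoded.
search_tune_value() {
    awk -v want="$CONFIG_DN" '
        function norm(s) { s = tolower(s); gsub(/ *, */, ",", s); return s }
        function emit(   i, name, val) {       # one unfolded logical line
            if (line == "") return
            i = index(line, ":")
            name = tolower(substr(line, 1, i - 1))
            val = substr(line, i + 1)
            sub(/^ +/, "", val)
            if (name == "dn") in_entry = (norm(val) == norm(want))
            else if (in_entry && name == "nsslapd-search-tune") print val
            line = ""
        }
        /^ / { line = line substr($0, 2); next }   # folded continuation
        /^$/ { emit(); in_entry = 0; next }        # blank line ends entry
             { emit(); line = $0 }
        END  { emit() }
    '
}

# Return 0 if the value read from stdin equals $1 (the page sets 49).
check_search_tune() {
    actual=$(search_tune_value)
    if [ "$actual" = "$1" ]; then
        echo "OK: nsslapd-search-tune is $actual"
    else
        echo "MISMATCH: expected $1, found '${actual:-<unset>}'" >&2
        return 1
    fi
}

# Constructed sample of ldapsearch output (the dn line is folded).
SAMPLE_LDIF='dn: cn=config,cn=ldbm database,
 cn=plugins,cn=config
nsslapd-search-tune: 49
'

printf '%s' "$SAMPLE_LDIF" | check_search_tune 49
```

Against a live server, pipe the ldapsearch output from the comment into check_search_tune 49 after the restart in step 3.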
Info on the nsslapd-search-tune parameter can be viewed at:
http://blogs.sun.com/DirectoryManager/entry/the_truth_about_nsslapd_search