Service Virtualization

Unable to Start IAM after Making Group Change

    Broadcom Employee
    Posted Sep 10, 2019 10:19 AM
    Environment:
    ******************************
    • Using DevTest on release 10.5.0
    • Server environment is running on Windows 2012 R2
    • IAM Database is H2 (embedded database Keycloak uses)

    Steps to Reproduce:
    ******************************
    1. Added an LDAP System. Tested Connection and Authentication with no errors.
    2. Defined LDAP Group Settings. Save.
    3. Chose Sync LDAP Groups To Identity and Access Manager. No errors.
    4. Navigated to Groups under Manage to view the synced LDAP groups and assign roles to the groups.
    5. Chose the drop down and no Groups showed.
    6. There are 1677 groups so went back to Define LDAP Group Settings and entered in a filter. Save. No errors.
    7. Chose Sync LDAP Groups To Identity and Access Manager again. No errors.
    8. Went back to Groups to map roles and still nothing showed.
    9. Restarted IAM and was not able to start IAM again.

    Diagnostic Findings:
    ******************************
    Too many groups being brought in when doing Sync.

    Resolution:
    *****************************
    Renamed C:\Program Files\CA\DevTest10_5\IdentityAccessManager\standalone\data folder to C:\Program Files\CA\DevTest10_5\IdentityAccessManager\standalone\data_backup to start with a fresh IAM H2 database.

    Started IAM service.

    Reconfigured LDAP provider and under Group Settings added a filter to limit the number of Groups brought in when doing a sync.
    Was able to only limit to 3 groups being brought in and then was able to map roles to the Groups.

    Additional Information:
    *****************************
    When configuring LDAP with IAM, it is recommended to put a filter on the Group settings to limit the number of groups brought in; it can be thousands and can overload the database, especially when using the H2 (embedded) database of IAM.


    ------------------------------
    Technical Support Engineer III
    Broadcom, Inc
    ------------------------------
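
One way to check how many groups a candidate filter matches before running the sync, as an added example that is not part of the original post or of DevTest. The LDAP path, both filters, the Active Directory `group` object class and the ceiling are placeholder assumptions, and the query binds as the current Windows user.

```powershell
# Added example: count the LDAP groups a filter matches before syncing them into IAM.
# Every value in this block is a placeholder (assumption), not taken from the post.
$LdapPath   = 'LDAP://ldap.example.com:389/OU=Groups,DC=example,DC=com'  # hypothetical search base
$AllGroups  = '(objectClass=group)'                    # unfiltered: every group under the base
$Candidate  = '(&(objectClass=group)(cn=DevTest-*))'   # hypothetical narrowed filter
$MaxGroups  = 50                                       # arbitrary ceiling chosen for this example

function Get-LdapMatchCount {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Filter
    )
    $root     = New-Object System.DirectoryServices.DirectoryEntry($Path)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    try {
        $searcher.Filter      = $Filter
        $searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
        $searcher.PageSize    = 500                    # paged search, so large result sets are not truncated
        [void]$searcher.PropertiesToLoad.Add('cn')     # fetch one attribute only; we just need the count
        $results = $searcher.FindAll()
        try     { return $results.Count }
        finally { $results.Dispose() }
    }
    finally {
        $searcher.Dispose()
        $root.Dispose()
    }
}

$total    = Get-LdapMatchCount -Path $LdapPath -Filter $AllGroups
$filtered = Get-LdapMatchCount -Path $LdapPath -Filter $Candidate

Write-Host "Groups under search base (no filter): $total"
Write-Host "Groups matched by candidate filter:   $filtered"

if ($filtered -eq 0) {
    Write-Warning 'Candidate filter matches no groups; check the filter syntax and search base.'
}
elseif ($filtered -gt $MaxGroups) {
    Write-Warning "Candidate filter still matches $filtered groups (ceiling $MaxGroups); narrow it before syncing."
}
else {
    Write-Host 'Candidate filter is within the ceiling; use it in the LDAP Group Settings before syncing.'
}
```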