PQ68115: ASSIGNING A USER TO A ROLE TAKES 15-20 MINUTES

 Fixes are available

4.0.6: WebSphere Application Server Version 4.0 Fix Pack 6
PQ68115, 4.0.5, LocalOS Authentication Long Search on NT Registry



APAR status
Closed as program error.

Error description
Security is enabled and LocalOS is used for
authentication.  The server is part of an NT domain.
Customer isn't certain of the number of users in the
domain, but estimates it at several thousand.  When
assigning a user to a role, it takes 15-20 minutes to
complete.  However, once added, authentication for the
user completes quickly.  Customer has a trace taken
during the assignment process and will send it to
weblev2.  He will also include the number of users in
the domain registry.
Local fix

Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server users who   *
*                 have enabled security and are LocalOS on     *
*                 NT or Windows 2000 operating systems.        *
****************************************************************
* PROBLEM DESCRIPTION: Assigning users to a role can take an   *
*                      excessive amount of time if the number  *
*                      of users defined on the system is       *
*                      large.                                  *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Assigning users to a role can take an excessive amount of time
if the number of users defined on the system is large.  The
reported example took 15-20 minutes per user with 3000 users
on the system which were defined on a remote Domain
Controller.
Problem conclusion
The problem was that the buffer size specified to get user
information as well as group information from the NT Registry
using NT's APIs was very small (1024 bytes). Increasing
the buffer size to 32768 bytes resolved the issue because
it reduced the number of API calls needed to get all users.
These API calls were taking an excessive amount of time
because they were made to a remote Domain Controller.
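The effect of the buffer size on the number of calls can be seen in a small model. This is an added example, not IBM's code and not the NT API: enum_users, count_round_trips and the 40-55 byte record size are assumptions made for illustration; only the 3000 users and the 1024 and 32768 byte buffers come from this APAR.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of a resumable user enumeration; NOT the Windows API. */
enum { ENUM_DONE, ENUM_MORE_DATA, ENUM_BUF_TOO_SMALL };

/* Assumed record size: 40-byte fixed part plus a 0..15 byte name tail. */
static size_t record_size(size_t index) { return 40 + (index % 16); }

/* One call models one round trip to the remote registry. It packs whole
   records into buf_len bytes starting at *resume and advances *resume. */
static int enum_users(size_t total, size_t buf_len, size_t *resume)
{
    size_t used = 0, start = *resume;
    while (*resume < total && used + record_size(*resume) <= buf_len) {
        used += record_size(*resume);
        (*resume)++;
    }
    if (*resume == total) return ENUM_DONE;
    /* No progress means not even one record fits in the buffer. */
    return (*resume == start) ? ENUM_BUF_TOO_SMALL : ENUM_MORE_DATA;
}

/* Round trips needed to list every user; 0 if no record fits the buffer. */
size_t count_round_trips(size_t total, size_t buf_len)
{
    size_t resume = 0, calls = 0;
    int rc;
    do {
        rc = enum_users(total, buf_len, &resume);
        if (rc == ENUM_BUF_TOO_SMALL) return 0;
        calls++;
    } while (rc == ENUM_MORE_DATA);
    return calls;
}

int main(void)
{
    size_t users = 3000; /* user count reported in this APAR */
    printf("1024-byte buffer:  %zu calls\n", count_round_trips(users, 1024));
    printf("32768-byte buffer: %zu calls\n", count_round_trips(users, 32768));
    return 0;
}
```

When each call crosses the network to a Domain Controller, the per-call latency is multiplied by the call count, so the larger buffer shortens the whole enumeration roughly in proportion.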
Temporary fix
The customer has verified that the given fix (NTRegistry.dll)
has solved the performance problem. Now the performance
with respect to "assigning a user to a role" is very good.
Comments
APAR information
APAR number PQ68115
Reported component name WEBSPHERE AE NT
Reported component ID 5630A2201
Reported release 400
Status CLOSED PER
PE NoPE
HIPER NoHIPER
Submitted date 2002-11-11
Closed date 2002-12-12
Last modified date 2002-12-12

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Modules/Macros
SECURITY          

SRLS

Fix information
Fixed component name WEBSPHERE AE NT
Fixed component ID 5630A2201

Applicable component levels
R400 PSY    UP


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > General
Software version: 400
Reference #: PQ68115
IBM Group: Software Group
Modified date: Dec 12, 2002