CRITICAL ISSUE - Updating to v7.3.19+ some of the ACI's are NOT working as expected

Problem statement:

After update to v7.3.19+ (patching from v7.3.X to v7.3.19+), some of the group based ACI's, password policies and limits are NOT working as expected.

Product(s) impacted: FID
Version(s) impacted: 7.3.19,7.3.20,7.3.21,7.3.22

Resolution Guidance:

Starting from v7.3.19, we have introduced a major ACI performance improvement fix. The fix involves eliminating unnecessary internal lookups to establish group membership checks, which can be performance intensive on large groups.
But, this fix needs to have the "Linked Attributes" feature enabled with backlink attribute "ismemberof/memberof" on the users linking with those Groups used in ACI's, password policies and limits.  Otherwise, the link is not established and the group based ACI's, password policies and limits may not work as expected. Make sure, you have the "ismemberof/memberof '' configured on the users in HDAP/Pcache linked to the Groups they belong to.
 
For more details on configuring this, please check our guide
RLI_HOME/Documentation/VDS/Namespace_Configuration_Guide.pdf
Section: Optimize Linked Attribute - page 78
 
Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.

Articles in this section

See more