Problem statement:
After update to v7.3.19+ (patching from v7.3.X to v7.3.19+), some of the group based ACI's, password policies and limits are NOT working as expected.
Product(s) impacted: | FID |
Version(s) impacted: | 7.3.19,7.3.20,7.3.21,7.3.22 |
Resolution Guidance:
Starting from v7.3.19, we have introduced a major ACI performance improvement fix. The fix involves eliminating unnecessary internal lookups to establish group membership checks, which can be performance intensive on large groups.
But, this fix needs to have the "Linked Attributes" feature enabled with backlink attribute "ismemberof/memberof" on the users linking with those Groups used in ACI's, password policies and limits. Otherwise, the link is not established and the group based ACI's, password policies and limits may not work as expected. Make sure, you have the "ismemberof/memberof '' configured on the users in HDAP/Pcache linked to the Groups they belong to.
For more details on configuring this, please check our guide
RLI_HOME/Documentation/VDS/Namespace_Configuration_Guide.pdf
Section: Optimize Linked Attribute - page 78
Comments
Please sign in to leave a comment.