Forum Discussion
David_Stout
Mar 27, 2012Nimbostratus
I didn't have that issue with the LDAP lookup. However I did things a little differently so it could scale a little better. The LDAP query is just a simple query of (sAMAccountName=%{session.logon.last.username}) against the top level domain.
When the query is run all the session parameters get populated by the query including the memberOf attribute. If you configure the groups membership checks within the LDAP Query check then the size of the box will increase everytime you add a new group to check against. So with 100 AD Group checks you have a box that has 100 lines out of it. This doesn't look good. Instead I have moved the Group Membership check to the a SINGLE resource assign box. I have attached a couple of screenshots on how I would recommend doing it.