Nov 23, 2016

AAA: LDAP Group caching issue

We have two AAA profiles using LDAP that are configured exactly alike - with the exception that one of them points towards an LDS (Lightweight Directory Services) server and the other points towards an AD (Active Directory) server.


The issue is that the AAA profile that goes to AD is able to successfully cache groups. However, the AAA server that points towards LDS is unable to cache groups. It is, however, able to successfully authenticate users, so we know it works. The larger issue here is that when LDS is populated with thousands of users, we get an error that the size returned is too large and we are then unable to authenticate to LDS. Our workaround is that we can hopefully cache everything on F5, but so far we haven't had any success.