What are your authentication providers?
I suspect you aren't only using the embedded LDAP but maybe connected to a corporate LDAP or something like that?
Hi, we use corporate ldap authentication. In the providers list, I see; Default Authenticator and corporate active directory definition. Also, when I click Groups, I see all the defined group definitions within active directory, even I do not need lots of them. Actually, I try to understand these security settings on obiee. I question why the situation is like that, and better ways to get a better environment.
So I would bet the time you wait is weblogic querying the corporate active directory for any possible user existing there...
Ideally you must try to define active directory authentication provider with filters as close as possible to the list of users you are supposed to have in your system and not query everybody from every single branch of your AD and things like that as ... it takes time and is useless.
So you can maybe try to have a look in that direction?
Same for groups, try to filter your AD groups better to get only the groups you need.
Thx Gianni, but I am mixed at one point. You say that since all the users and groups are taken to the list (whole active directory), I wait a lot, but when I also use filter (selecting customize option) I am still waiting a lot to get the results. No change in time. And also, the problem is only on Users tab, Groups tab open quickly when I clicked it.
Ok, so few more questions: was it always as slow or changed lately?
Something happened/changed on the weblogic config or on the AD side?
Is cache set properly?
The "use filter" I guess it's maybe more an on-screen filter, but it still retrieve all the users first and display only some (didn't test to validate this point, just a guess based on how the filter can be written).
If you use a LDAP client with same settings is it faster? (a lot faster)
Exactly this issue happened to me in OBIEE 11.9 version. I will tell my two scenarios. Hope they will help you out.
1)One of my user is part of more groups in AD ( nested tree). After changing this setting to zero It was fast.
2) I am not sure If this is pertinent
Our AD team has created another isolated domain in AD, for which others have no access. When I logged into console and clicked on users weblogic is waiting reply from this isolated domain ( which it doesn't have access) for 20 to 30 minutes and showing results. I followed up with my corporate network team. They told this story of isolated domain which AD team never told us. Your best bet is to work with your corporate network team to trace communication between WebLogic and AD server. They can tell you exactly why it is taking lot of time using packet sniffer tools like Wireshark etc.
Please provide the AD provider configuration details erasing server name etc that will be helpful in determining what exactly is the issue.