Symptom
FME Server performance is slow when Active Directory security is enabled, particularly in large organizations with complex Active Directory structures.
Cause
When Active Directory security is enabled, requests to FME Server are authenticated by mapping Active Directory security groups to FME Server roles. FME Server locates the relevant Active Directory security group using the distinguished name (DN) of the domain on which FME Server resides. By default, this DN corresponds to the defaultNamingContext attribute of the RootDSE. However, the FME Server-related security groups typically reside in directories underneath RootDSE. To authenticate requests, FME Server must therefore navigate the Active Directory structure to locate these security groups. In organizations with complex Active Directory structures, this process may compromise performance.
Resolution
Using the SECURITY_AD_NAMING_CONTEXT parameter in fmeServerConfig.txt, you can direct FME Server to a different base context of your Active Directory structure from which to authenticate requests.
Open
/Server/
fmeServerConfig.txt, located in the Server folder of your FMEServer installation directory. Under the Authentication heading (located under FME SERVER SETTINGS START, near the end of the file), add SECURITY_AD_NAMING_CONTEXT on a new line, and specify the DN of the base context from which to authenticate requests.
For example:
SECURITY_AD_NAMING_CONTEXT=OU=Security Groups,OU=XYZ Company,DC=XYZ,DC=internal
Another possible reason for having slow performance when using Active Directory security could be related to setting FME Server to automatically detect Active Directory. To manually set the Active Directory connection settings, open the following configuration file:
For FME Server 2014 SP3 and newer:
/Server/
fmeCommonConfig.txt
For FME Server 2014 SP2 and older:
/Server/
fmeServerConfig.txt
Follow the instructions for providing the host and port for your Active Directory in the Connecting to Active Directory section of the documentation. If you are still having issues visit the documentation for Troubleshooting Active Directory Configurations.
Comments
0 comments
Please sign in to leave a comment.