Environment
NetIQ SecureLogin
NSL6.x
NSL7.x
Situation
LDAP lookup with SecureLogin takes too long
Resolution
Limit SecureLogin's LDAP lookup by eliminate wild card searches, and defining search attributes and / or search containers. (See sections 1.9 and 1.10 of TID 3790292 for more on seach attributes and contexts.) Experiment with the following registry keys to see which work best in your environment:
"DoNotUseWildCardinSearch" - REG_DWORD - 1.
"ContextBasedSearch" DWORD = 1 -------> This enables the context search.
"Context1" REG_SZ = "O=Whatever"
"Context2" REG_SZ = "OU=something,O=Whatever"
“Context3” ----> continue listing as many contexts as are desired, but to minimize search time list only what is needed.
"SearchAttributes" REG_SZ = cn
Note: any publicly readable attribute can be specified as a search attribute, for example "fullName", "givenName", "sn", "cn", "uid", separated by commas. To minimize search time, however, list as few attributes as are absolutely needed.
Also note that you do not need to provide " " while specifying the attribute entries.
Solution 2
Login with user's fully qualified distinguished name (fullDN ).
Rename or delete the registry entry: