TIBCO Administrator does not create a copy of the user present in an LDAP directory. If TIBCO Administrator (or other TIBCO applications) requires LDAP user properties at runtime, TIBCO Administrator retrieves the properties directly from the LDAP directory and caches the properties in memory with a suitable expiry time. Group membership is also retrieved at runtime and cached in memory with a suitable expiry time.
If an LDAP directory server invocation error occurs, the complete error message is displayed on the console and is also written to the Administrator.log file so that you can manually recover and process the message. The log file is written in the TIBCO_HOME/tra/domain/domain/logs folder.
For previous versions of Active Directory, the search is limited to 1,000 entries. You can either raise this limit on your LDAP directory server using the ntdsutil utility that is part of Active Directory server, or specify multiple search parameters with smaller queries, as described in the last paragraph in this section.
If the page size limit, referred to as MaxPageSize in the Active Directory installation, is configured with a non-default value (other than 1000), an additional step must be performed for this feature to work correctly. The value can be viewed using the ntdsutil utility. The following parameter must be set in the AuthorizationDomain.properties file. The parameter must be set to the actual value of MaxPageSize. For example:
You should also check the maximum value range limit, referred to as MaxValRange, in the Active Directory installation. This value can be viewed using the ntdsutil utility. This value affects the search that retrieves membership of a Corporate Group. If this limit is configured with a non-default value (other than 1000), the following parameter must be set in the AuthorizationDomain.properties file. The parameter must be set to the actual value of MaxValRange. For example:
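Added illustration (not TIBCO code, and not the properties entry referred to above): a Python simulation of Active Directory ranged retrieval of a group's member attribute, showing why a client-side limit that differs from the server's MaxValRange can lose group members. FakeDirectory, both fetch functions and the sample group are constructed for this example; how TIBCO Administrator performs the lookup is not stated here, so the fixed-step client is a hypothetical.

```python
import re

RANGE = re.compile(r"^member;range=(\d+)-(\d+|\*)$")

class FakeDirectory:
    """Constructed stand-in for a domain controller: each read returns at
    most max_val_range values of the multi-valued member attribute."""
    def __init__(self, members, max_val_range):
        self.members, self.limit = members, max_val_range

    def read(self, attr):
        low, high = RANGE.match(attr).groups()
        low, total = int(low), len(self.members)
        wanted_end = total if high == "*" else int(high) + 1
        end = min(wanted_end, low + self.limit, total)
        # The reply names the range actually returned; "*" marks the last one.
        last = "*" if end == total else str(end - 1)
        return f"member;range={low}-{last}", self.members[low:end]

def fetch_members(directory):
    """Robust client: continue from the range the server reports."""
    found, low = [], 0
    while True:
        label, values = directory.read(f"member;range={low}-*")
        found.extend(values)
        high = RANGE.match(label).group(2)
        if high == "*":
            return found
        low = int(high) + 1

def fetch_members_fixed_step(directory, assumed_limit):
    """Hypothetical client that trusts a configured limit instead of the
    reported range; it skips values when the server limit is smaller."""
    found, low = [], 0
    while True:
        attr = f"member;range={low}-{low + assumed_limit - 1}"
        label, values = directory.read(attr)
        found.extend(values)
        if RANGE.match(label).group(2) == "*":
            return found
        low += assumed_limit

# Constructed sample: a 2,500-member group on a server with MaxValRange = 500.
GROUP = [f"CN=user{i},OU=Staff,DC=example,DC=test" for i in range(2500)]
SERVER = FakeDirectory(GROUP, 500)

if __name__ == "__main__":
    print(len(fetch_members(SERVER)))                    # follows the reply
    print(len(fetch_members_fixed_step(SERVER, 1000)))   # limit mismatch
    print(len(fetch_members_fixed_step(SERVER, 500)))    # limit matches
```

In the mismatch case the hypothetical client returns 1,500 of the 2,500 members and raises no error, which is why the configured value has to equal the server's actual limit.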