Improve performance in large Active Directory structures by changing search filters
KB002561
PRODUCT
Starting with the K2 blackpearl 4.7 May 2017 Cumulative Update, you can improve the performance of large Active Directory structures by modifying the filters used between Active Directory and K2. Use the steps below to change these filters in the HostServer.SecurityLabel table and on the AD Service 2 service instance.
Step 1: Modify your RoleInit settings
Add UseEndsWith, LoadSearchProperties, and AllowUPNInSamAccName role provider initialization settings to the [HostServer].[SecurityLabel] table located in the K2 database. When these settings are not defined, they default to:
- UseEndsWith = True
- LoadSearchProperties = True
- AllowUPNInSamAccName = False
- UseEndsWith = False
- LoadSearchProperties = True
- AllowUPNInSamAccName = False
- Open your [HostServer].[SecurityLabel] table and look for your K2 security label's roleprovider > init node. Add the settings as shown in the following example: <roleprovider>
<init>ADCache=0;LDAPPath=LDAP://DC=DENALLIX,DC=COM; UseEndsWith=False;LoadSearchProperties=True;AllowUPNInSamAccName=False; ResolveNestedGroups=False;IgnoreForeignPrincipals=False;IgnoreUserGroups=False; MultiDomain=False;OnlyUseSecurityGroups=False;LogLevel=Error;LogSize=0; DataSources=<DataSources><DataSource Path="LDAP://DC=DENALLIX,DC=COM" NetBiosName="DENALLIX" /></DataSources>;;</init> - Save the changes and restart your K2 service.
Step 2: Modify your AD Service 2 settings
- Open K2 Management > Integration > Service Instances and select Active Directory Service2
- Click Edit to modify the service keys
- Set UseEndsWith to False
- Set LoadSearchProperties to True
- Click the Refresh Service Instance button to activate these changes