0 votes

Hello,
We are using Adaxes' ADSI provider interface to interact with AD via web services. Our AD account has approximately 4000 active users, and most users have about 40 groups. We use group nesting to simplify AD administration. For example, we have a Managers group, and any security groups that we create that should only include Managers only have that group as a member. We have a custom authorization provider that will check if a user is a member of an application specific group and grant them permissions in the application based on that membership. However, our query to get group membership can take quite a while to run (we have a 1 min timeout on our TCP connection settings and we are exceeding that in some cases). When that timeout is exceeded, our tcp connection is closed by our application. However, we suspect the connection that Adaxes was using to communicate with AD (ldap_connection_pool) is not being released. Therefore, whenever one of these connections is closed by our application, that connection is never freed, and is not available until we restart the Adaxes services.

Our load is pretty high on this system, with, at times, more than 20,000 requests in an hour. We are using a WCF service to connect to Adaxes, and have it throttled to 5 instances of the service and 5 concurrent connections. We have 4 load-balanced Adaxes servers that are only used for our web services.

Please email me if you would like to see my GetGroupMembership method and my tcp connection settings. Thanks.

by (140 points)
0

Hello,

Yes, it would be nice to see the code of the GetGroupMembership method. Also, we'd like to see the code around calling it, if that's possible.

Also, how do you close TCP connections that exceed the 1 min timeout? Do you simply kill the thread that creates the connection or something else?

Please log in or register to answer this question.

Related questions

0 votes
1 answer

We are implementing the new version of LAPS built into Windows 10 with KB5025221. I've added the attribute to the Management Views for Computers, but the password is not being ... we have not loaded it into AD and plan to use the latest implementation of LAPS.

asked Jul 12, 2023 by jshields (20 points)
0 votes
1 answer

When I enable a scheduled task, instead of running at the scheduled time they all run imeadiately. This is not good behavior as changes are written in a way to reflect the ... is being enabled. I am hoping there is a powershell command to stop this behavoir.

asked Jul 10, 2023 by mightycabal (1.0k points)
0 votes
1 answer

We have a business rule that will update an AD attribute when a new member is added to a group. This business rule works when we use powershell commands or the admin console ... set to trigger "After adding a member to a group". Thank you for your support!

asked Mar 29, 2023 by mark.it.admin (2.3k points)
0 votes
1 answer

I created a group Business Rule that triggers "After adding or removing a member from a group". On its Activity Scope I added a test group, and set it for "The group ... does not trigger. What should I do to make the BR detect this (admittedly rare) case?

asked Mar 16, 2023 by alex.vanderwoude (60 points)
0 votes
1 answer

We have a Business rule that runs after successful user creation. It creates a EULA Word doc with the username and initial password for the new user. It was originally set as a ... , and I don't believe any changes have been made to the Adaxes setup...

asked Jul 8, 2020 by johnsonua (390 points)
3,548 questions
3,239 answers
8,232 comments
547,814 users