Notifications

3 views

 Symptoms

Group synchronization may not bring all group members for groups with a very large number of members.

 

Release

This issue is not release dependent.

 

Environment

ServiceNow instance is connected to an AD LDAP server cluster front ended by a load balancer.  In the ServiceNow instance, the LDAP record URL points to the Load balancer.

 

Cause

Load balancer does not have set 'Sticky session' set for connections.

When a large number of members is pulled for a group, the data is retrieved using paging mechanism. If the load balancer does not keep a sticky session, the connection may be routed to a different LDAP node during paging. As consequence inconsistencies like duplicate members and some missing members, were observed in data returned from LDAP.

 

Resolution

When a load balancer is used in front of a group of LDAP servers, setup the load balancer to use sticky session for the LDAP connections. 

 

 

Article Information

Last Updated:2019-02-25 06:26:28
Published:2019-02-22