Timeout error after enabling LDAP Nested search for Microsoft Active Directory

After you enable the Nested search option, the SCIM API might take longer to respond when you search for SCIM users or groups. As a result, you might sometimes see the SCIM search return an empty result or a 504 Gateway Timeout error in the logs.

Symptoms

Cause

Resolving the problem

  1. Increase the OCP (OpenShift Container Platform) route timeout by running the following command:

    oc -n <your-foundational-services-namespace> annotate route cp-console --overwrite haproxy.router.openshift.io/timeout=60s
    
  2. Disable Nested search if it is not required. LDAP Nested search can be a very expensive operation, and the cost can get worse as the nesting level increases.