iChain and Access Manager users experience slow logins to LDAP server after upgrade to eDirectory 8.8

  • 3699038
  • 12-Nov-2007
  • 22-Nov-2016

Environment


Novell iChain 2.3 Support Pack 5
Novell eDirectory 8.8 for All Platforms
Novell Access Management 3 Linux Novell Identity Server

Situation

New versions of eDirectory (8.8 and 8.7.3.10) have, for security reasons, a built-in 3 second delay after a failed LDAP bind attempt. This causes an iChain or Access Manager Identity Server box to resolve the context the user resides in more slowly, because it tests each context in the LDAP context list for the user. Each context that fails adds 3 seconds to the login. If the user's object is 5 contexts down in the LDAP context list, their login will take 12 seconds. If the user's object is in the first container in the LDAP context list, they will log in immediately, as no failure occurs.

Resolution

The default behavior of waiting 3 seconds before responding to a failed LDAP bind request can be changed to 0. This will fix the slow login but reintroduces the security exposure the delay was meant to address. To change this to 0:

  1. Go into iMonitor on the LDAP box with a web browser, https://:8009/nds
  2. In the top left corner, click the NDS iMonitor picture.
  3. Click the "Enabled" radio button to enable Advanced Mode and then click Submit.
  4. Click the "Agent Configuration" button at the top.
  5. On the left side, click the "Permanent Settings" hyperlink.
  6. On the left side, click the "Change" hyperlink.
  7. In the Parameter Options section, click the Type: drop-down arrow and select "FAILED AUTH DELAY".
  8. Change Value to 0.
  9. Click the Save button.

Done. This setting is dynamic and takes effect as soon as the Save button is clicked. This must be done on every LDAP server that iChain or the Novell Identity Server authenticates against.
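The following is an added example, not code from this TID or from Novell. It reproduces the behaviour described in the Situation section (one simple bind per context in the LDAP context list, each failure paying the delay) so that an administrator can confirm on every LDAP server whether the FAILED AUTH DELAY is still in effect: a failed bind that takes about 3 seconds means the delay is active, one that returns at once means it has been set to 0. HOST, PORT, CONTEXTS and the cn=testuser account are assumptions.

```python
"""LDAPv3 simple-bind timing per context (added example, not code from the TID). HOST, PORT,
CONTEXTS and the test user are assumptions, and the tree CA must be in the system trust store."""
import socket
import ssl
import time

HOST, PORT = "ldap.example.com", 636                             # assumed values
CONTEXTS = ["ou=sales,o=acme", "ou=eng,o=acme", "ou=hr,o=acme"]  # assumed context list

def _ber(tag: int, payload: bytes) -> bytes:  # BER TLV with short or long-form length
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + payload

def encode_bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID (below 128), BindRequest { version 3, name, simple password } }."""
    op = _ber(0x02, b"\x03") + _ber(0x04, dn.encode()) + _ber(0x80, password.encode())
    return _ber(0x30, _ber(0x02, bytes([msg_id])) + _ber(0x60, op))

def _read_len(data: bytes, pos: int):  # decode BER length at pos -> (length, next position)
    first = data[pos]
    if first < 0x80:
        return first, pos + 1
    nb = first & 0x7F
    return int.from_bytes(data[pos + 1:pos + 1 + nb], "big"), pos + 1 + nb

def parse_bind_result_code(data: bytes) -> int:
    """Return resultCode from a BindResponse (0 = success, 49 = invalidCredentials)."""
    _, pos = _read_len(data, 1)              # skip outer SEQUENCE tag and length
    n, pos = _read_len(data, pos + 1)        # messageID INTEGER: skip its value
    if data[pos + n] != 0x61:                # BindResponse is [APPLICATION 1]
        raise ValueError("not a BindResponse")
    _, pos = _read_len(data, pos + n + 1)
    n, pos = _read_len(data, pos + 1)        # resultCode ENUMERATED
    return int.from_bytes(data[pos:pos + n], "big")

def measure_bind(host: str, port: int, dn: str, password: str):
    """One simple bind over TLS (eDirectory normally rejects cleartext simple binds); returns (resultCode, seconds)."""
    raw = socket.create_connection((host, port), timeout=15)
    with ssl.create_default_context().wrap_socket(raw, server_hostname=host) as sock:
        start = time.monotonic()
        sock.sendall(encode_bind_request(1, dn, password))
        return parse_bind_result_code(sock.recv(4096)), time.monotonic() - start

if __name__ == "__main__":
    for ctx in CONTEXTS:                     # walk the context list as the identity server does
        code, secs = measure_bind(HOST, PORT, f"cn=testuser,{ctx}", "wrong-password")
        print(f"{ctx:20} resultCode={code:<3} {secs:.2f}s")
```

Run it once against each LDAP server in the identity server's list; a resultCode of 49 with roughly 3 seconds elapsed on a context where the user does not exist shows the delay is still applied there.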


Additional Information

Should there be any NMAS login methods or Universal Password configured on an LDAP server, the following steps must be performed in addition to those mentioned above.

  1. Log into iManager
  2. Click View Objects on the toolbar above
  3. Click Login Policy. This will bring up the Login Policy properties window
  4. Click the NMAS tab
  5. Change the Delay after failed login attempts: setting from 3 to 0
  6. Click Apply
This setting is dynamic and does not require a restart.

NOTE: This setting requires that the NMAS plugin be installed in iManager.

Changing this setting updates the sasLoginFailureDelay attribute.

Change Log

Added instructions for systems with NMAS configured. The steps for iMonitor are not sufficient if NMAS is enabled.