We use active directory to authenticate users logging into our weblogic portal server. For some reason the membership query (query for retrieving members that a user is part of takes a very long time). The query format is

{baseObject=CN=Users,DC=Company,DC=com, scope=1, derefAliases=0,sizeLimit=0, timeLimit=0, attrsOnly=false, filter=(&(member=CN=portaluser,CN=Users,DC=Company,DC=com)( objectclass=group)), attributes=cn}.

This query takes atleast 5-7 seconds to return. Is there a way of optimising this query? I looked at an alternative to this, i.e., retrieving the memberOf attribute for an authenticated user. For example, the query:

{baseObject=CN=portaluser,DC=Company,DC=com, scope=0, derefAliases=0,sizeLimit=1000, timeLimit=0, attrsOnly=false, filter=(|(objectclass=*)(objectclass=ldapsubentry) ), attributes=memberOf}

returns the following response:
SearchResponse {entry='CN=portaluser,DC=Company,DC=com', attributes='LDAPAttribute {type='memberOf', values='CN=GROUP1,DC=Company,DC=com,CN=GROUP2,DC=C ompany,DC=com'}'}

However, the server does not parse the group names "GROUP1" and "GROUP2" out and the authenticator fails to authenticate the user.

Any suggestions on what can be done wither with the membership query or with the Dynamic group query?

Thanks
Prashanth