Slow user login (and load) with LDAP authentication #26903

Open
cccaballero opened this Issue Jan 6, 2017 · 1 comment

Projects

None yet

2 participants

@cccaballero

Steps to reproduce

  1. Install 9.1.3 version on Debian 8
  2. Configure LDAP authentication

Expected behaviour

In version 7.0.4 (Debian 8 repository package) authenticate against LDAP fast, and user list in admin interface loads fast.

Actual behaviour

With a 200+ LDAP users:
Login with an LDAP user takes about 45 seconds, and the user list in admin interface takes too long to load (minutes)

Server configuration

Operating system: Debian 8

Web server: Apache 2.4.10

Database: MySQL 5.5.53

PHP version: 5.6.29

ownCloud version: 9.1.3

Updated from an older ownCloud or fresh install:

Where did you install ownCloud from:

Are you using an external user-backend, if yes which one: openLDAP

LDAP configuration

+------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Configuration                |                                                                                                                                                                                                                                                                                                                                                       |
+------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| hasMemberOfFilterSupport     |                                                                                                                                                                                                                                                                                                                                                       |
| hasPagedResultSupport        |                                                                                                                                                                                                                                                                                                                                                       |
| homeFolderNamingRule         |                                                                                                                                                                                                                                                                                                                                                       |
| lastJpegPhotoLookup          | 0                                                                                                                                                                                                                                                                                                                                                     |
| ldapAgentName                |                                                                                                                                                                                                                                                                                                                                                       |
| ldapAgentPassword            | ***                                                                                                                                                                                                                                                                                                                                                   |
| ldapAttributesForGroupSearch |                                                                                                                                                                                                                                                                                                                                                       |
| ldapAttributesForUserSearch  |                                                                                                                                                                                                                                                                                                                                                       |
| ldapBackupHost               |                                                                                                                                                                                                                                                                                                                                                       |
| ldapBackupPort               |                                                                                                                                                                                                                                                                                                                                                       |
| ldapBase                     | -------                                                                                                                                                                                                                                                                                                                                                |
| ldapBaseGroups               | -------                                                                                                                                                                                                                                                                                                                                                |
| ldapBaseUsers                | -------                                                                                                                                                                                                                                                                                                                                                |
| ldapCacheTTL                 | 600                                                                                                                                                                                                                                                                                                                                                   |
| ldapConfigurationActive      | 1                                                                                                                                                                                                                                                                                                                                                     |
| ldapEmailAttribute           | mail                                                                                                                                                                                                                                                                                                                                                  |
| ldapExperiencedAdmin         | 0                                                                                                                                                                                                                                                                                                                                                     |
| ldapExpertUUIDGroupAttr      | gid                                                                                                                                                                                                                                                                                                                                                   |
| ldapExpertUUIDUserAttr       | uid                                                                                                                                                                                                                                                                                                                                                   |
| ldapExpertUsernameAttr       | uid                                                                                                                                                                                                                                                                                                                                                   |
| ldapGroupDisplayName         | cn                                                                                                                                                                                                                                                                                                                                                    |
| ldapGroupFilter              | -------- |
| ldapGroupFilterGroups        | ------                                                                                                             |
| ldapGroupFilterMode          | 0                                                                                                                                                                                                                                                                                                                                                     |
| ldapGroupFilterObjectclass   |                                                                                                                                                                                                                                                                                                                                                       |
| ldapGroupMemberAssocAttr     | uniqueMember                                                                                                                                                                                                                                                                                                                                          |
| ldapHost                     | ---------                                                                                                                                                                                                                                                                                                                                           |
| ldapIgnoreNamingRules        |                                                                                                                                                                                                                                                                                                                                                       |
| ldapLoginFilter              | (&(|(objectclass=gosaMailAccount))(|(uid=%uid)(|(mailPrimaryAddress=%uid)(mail=%uid))(|(mail=%uid))))                                                                                                                                                                                                                                                 |
| ldapLoginFilterAttributes    | mail                                                                                                                                                                                                                                                                                                                                                  |
| ldapLoginFilterEmail         | 1                                                                                                                                                                                                                                                                                                                                                     |
| ldapLoginFilterMode          | 0                                                                                                                                                                                                                                                                                                                                                     |
| ldapLoginFilterUsername      | 1                                                                                                                                                                                                                                                                                                                                                     |
| ldapNestedGroups             | 0                                                                                                                                                                                                                                                                                                                                                     |
| ldapNoCase                   | 0                                                                                                                                                                                                                                                                                                                                                     |
| ldapOverrideMainServer       | 0                                                                                                                                                                                                                                                                                                                                                     |
| ldapPagingSize               | 500                                                                                                                                                                                                                                                                                                                                                   |
| ldapPort                     | 389                                                                                                                                                                                                                                                                                                                                                   |
| ldapQuotaAttribute           | Quota                                                                                                                                                                                                                                                                                                                                        |
| ldapQuotaDefault             | 1G                                                                                                                                                                                                                                                                                                                                                    |
| ldapTLS                      | 0                                                                                                                                                                                                                                                                                                                                                     |
| ldapUserDisplayName          | cn                                                                                                                                                                                                                                                                                                                                                    |
| ldapUserFilter               | (|(objectclass=inetOrgPerson))                                                                                                                                                                                                                                                                                                                      |
| ldapUserFilterGroups         |                                                                                                                                                                                                                                                                                                                                                       |
| ldapUserFilterMode           | 0                                                                                                                                                                                                                                                                                                                                                     |
| ldapUserFilterObjectclass    | inetOrgPerson                                                                                                                                                                                                                                                                                                                                      |
| ldapUuidGroupAttribute       | auto                                                                                                                                                                                                                                                                                                                                                  |
| ldapUuidUserAttribute        | auto                                                                                                                                                                                                                                                                                                                                                  |
| turnOffCertCheck             | 0                                                                                                                                                                                                                                                                                                                                                     |
+------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

No errors in log

@PVince81
Collaborator
@PVince81 PVince81 added the bug label Jan 10, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment