Try the fastest and simplest way to install ONLYOFFICE

LDAP Authentication is really slow

Tech support for Enterprise Version

LDAP Authentication is really slow

Postby dsi-lille » Tue Oct 04, 2016 6:54 am

Hi,

we have a problem with the LDAP authentication.
The authentication with an LDAP account can take up to 1min30s to allow the user to access the platform
With a local account, it's practically instantaneous.
I check logs from our LDAP server. This is the requests LDAP that OnlyOffice send to our ldap server

[29/Sep/2016:16:05:42 +0200] conn=17378148 op=1 msgId=142 - SRCH base="ou=personnels en,ou=ac-lille,ou=education,o=gouv,c=fr" scope=2 filter="(&(&(FrEduLilHabilitation=Grouper|app:escola:habil:utilisateurs))(mail=yoann.delattre@ac-lille.fr))" attrs="* entrydn entryuuid nsUniqueId guid"
[29/Sep/2016:16:05:42 +0200] conn=17378151 op=1 msgId=145 - SRCH base="ou=personnels en,ou=ac-lille,ou=education,o=gouv,c=fr" scope=2 filter="(&(&(entryuuid=2bf42381-fba511df-803cf8f9-bce87c14))(&(FrEduLilHabilitation=Grouper|app:escola:habil:utilisateurs)))" attrs="* entrydn entryuuid nsUniqueId guid"
[29/Sep/2016:16:06:48 +0200] conn=17380697 op=1 msgId=148 - SRCH base="ou=personnels en,ou=ac-lille,ou=education,o=gouv,c=fr" scope=2 filter="(&(&(nsUniqueId=2bf42381-fba511df-803cf8f9-bce87c14))(&(FrEduLilHabilitation=Grouper|app:escola:habil:utilisateurs)))" attrs="* entrydn entryuuid nsUniqueId guid"

Our ldap use nsUniqueId and not guid or entryuuid.
I think this is why the authentication is slow.

Is there a way to specify that we use only the nsUniqueId LDAP attribute and don't perform the request with the entryuuid/guid LDAP attributes ?

Thanks,
Yoann
dsi-lille
 
Posts: 95
Joined: Mon Jul 11, 2016 1:47 pm

Re: LDAP Authentication is really slow

Postby dsi-lille » Tue Oct 04, 2016 6:54 am

Answer from Eugenie :

ONLYOFFICE LDAP request just check the indicated attributes, if any of attribute are missed, it skips them. So it cannot cause the issue.

Probably the issue is connected with a complex filter or with many users who are under this filter. The problem can be connected with the net transfer. Please do the following to check the issue: create a request to LDAP server with this filter using any other third-party program and see how long it will be executed.
dsi-lille
 
Posts: 95
Joined: Mon Jul 11, 2016 1:47 pm

Re: LDAP Authentication is really slow

Postby dsi-lille » Tue Oct 04, 2016 7:46 am

I use a third-party program to check how long this requests will be executed :

(&(&(FrEduLilHabilitation=Grouper|app:escola:habil:utilisateurs))(mail=yoann.delattre@ac-lille.fr))
(&(&(entryuuid=2bf42381-fba511df-803cf8f9-bce87c14))(&(FrEduLilHabilitation=Grouper|app:escola:habil:utilisateurs)))
(&(&(nsUniqueId=2bf42381-fba511df-803cf8f9-bce87c14))(&(FrEduLilHabilitation=Grouper|app:escola:habil:utilisateurs)))

All this requests are perform in less than one second.

Thanks,
Yoann
dsi-lille
 
Posts: 95
Joined: Mon Jul 11, 2016 1:47 pm

Re: LDAP Authentication is really slow

Postby dsi-lille » Mon Oct 10, 2016 7:29 am

Hi,

any news about this ?

Thanks,
Yoann.
dsi-lille
 
Posts: 95
Joined: Mon Jul 11, 2016 1:47 pm

Re: LDAP Authentication is really slow

Postby Eugenie » Tue Oct 11, 2016 1:29 pm

Yoann,

We cannot reproduce the issue on our side, the problem can be in the whole data base you try to upload using LDAP. Probable there are huge contacts or something prevents the correct work. We need the data base as we can detect the issue.
Eugenie
 
Posts: 134
Joined: Mon Aug 25, 2014 10:11 am

Re: LDAP Authentication is really slow

Postby dsi-lille » Wed Oct 19, 2016 9:00 am

Eugenie,

what i said cause the issue.
When a user login, OnlyOffice looks for this attributes (in this order) to find the user in a LDAP : entryUuid, nsUniqueId and then guid.
If entryUuid return nothing,it search nsUniqueId and if nsUniqueId is empty it search guid.

If your LDAP use entryUuid, it's normal and logic that you don't have this issue.

If community server enterprise use approximatively the same code that the opensource version, this piece of code prove it : https://github.com/ONLYOFFICE/Community ... er.cs#L145

If i refer to this code, i can use a parameter (ldap.unique.id) and force OnlyOffice to use directly nsUniqueId attribute.
So i set ldap.unique.id directly in the web.appsettings.config of the community server container and this works !

Now LDAP authentication is practically instantaneous !

But, if i upgrade community-server my modification on the web.appsettings.config will disappear.

How can i do to set definitively this parameter ?

Thanks for your help,
Yoann.
dsi-lille
 
Posts: 95
Joined: Mon Jul 11, 2016 1:47 pm

Re: LDAP Authentication is really slow

Postby dsi-lille » Wed Nov 02, 2016 8:05 am

Anyone ?

thanks,
Yoann
dsi-lille
 
Posts: 95
Joined: Mon Jul 11, 2016 1:47 pm

Re: LDAP Authentication is really slow

Postby dsi-lille » Mon Nov 07, 2016 11:03 am

An answer and a solution would be really appreciate :)

Thanks,
Yoann
dsi-lille
 
Posts: 95
Joined: Mon Jul 11, 2016 1:47 pm

Re: LDAP Authentication is really slow

Postby Maxim » Mon Nov 07, 2016 11:19 am

Hello!

Yes, your modifications on the web.appsettings.config will disappear when you upgrade community-server. Our developers are working on it. For now, there is only one way is to modify the web.appsettings.config yourselves.
Maxim
 
Posts: 777
Joined: Tue Oct 11, 2016 2:34 pm

Re: LDAP Authentication is really slow

Postby dsi-lille » Wed Nov 09, 2016 10:48 am

Hi,

thanks for your answer !

Yoann
dsi-lille
 
Posts: 95
Joined: Mon Jul 11, 2016 1:47 pm


Return to Enterprise Version

Who is online

Users browsing this forum: No registered users and 1 guest

cron