LDAP (Active Directory) search issues

My group here is running into a problem with Active Directory and a relatively new Openfire installation on Solaris 10. The issue that we are seeing is response times of 40 minutes to over an hour when trying to see users in defined groups in Openfire. For example, from the web front end for the server, we click on Users/Groups, click on Groups, enter a group name in the Search by Name field, run the search, click on the group name, wait for 40 minutes to an hour, and get the listing of members in the group.

We enabled debug logging at a point when very few to no users were on to see how the searches were being executed, and it looks like it is searching through the entire Active Directory tree. We know this since there are multiple log entries stating the search is querying groups that are not the same group as the one the web app is displaying, as well as queries for users that are not even part of the group whose members we are trying to display from the web app.

Both of these tests were done in a production and test environment and we noted identical behavior. Has anyone run across this before with Openfire?

Thanks.

This could be caused by any number of things. You could have groups nested in groups (group members defined by groups), or your baseDN is too wide, you have a large number of nested OUs, etc.
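Added example, not part of the thread and not Openfire's code: a small in-memory model of two of the causes named in the reply above, showing how a wide base DN enlarges a subtree search and how nested groups multiply the directory reads needed to list one group's members. The DNs, entries and function names are constructed for illustration.

```python
# Constructed sample directory (DN -> entry); not data from the thread.
BASE = "dc=example,dc=com"
PEOPLE = "ou=People," + BASE
GROUPS = "ou=Groups," + BASE

def user(cn):
    return f"cn={cn},{PEOPLE}"

DIRECTORY = {
    f"cn=chat-admins,ou=Chat,{BASE}": {"type": "group", "member": [user("alice"), f"cn=ops,{GROUPS}"]},
    f"cn=ops,{GROUPS}": {"type": "group", "member": [user("bob"), f"cn=oncall,{GROUPS}"]},
    # oncall points back at ops: a membership cycle the resolver must survive
    f"cn=oncall,{GROUPS}": {"type": "group", "member": [user("carol"), f"cn=ops,{GROUPS}"]},
    f"cn=hr,{GROUPS}": {"type": "group", "member": [user("dave")]},
    **{user(n): {"type": "user"} for n in ("alice", "bob", "carol", "dave")},
}

def subtree_search(base_dn, entry_type):
    """Model a subtree-scope search: every entry of entry_type at or below base_dn."""
    base = base_dn.lower()
    return sorted(dn for dn, e in DIRECTORY.items()
                  if e["type"] == entry_type
                  and (dn.lower() == base or dn.lower().endswith("," + base)))

def expand_group(group_dn):
    """Resolve a group to its users, following nested groups.

    Returns (users, lookups), where lookups counts directory reads.
    """
    users, lookups, seen, pending = set(), 0, set(), [group_dn]
    while pending:
        dn = pending.pop()
        if dn in seen:          # already read: skip, which also breaks cycles
            continue
        seen.add(dn)
        lookups += 1            # one directory read per distinct DN
        entry = DIRECTORY.get(dn)
        if entry is None:       # dangling member reference
            continue
        if entry["type"] == "user":
            users.add(dn)
        else:
            pending.extend(entry["member"])
    return users, lookups

if __name__ == "__main__":
    print("groups under wide base:  ", len(subtree_search(BASE, "group")))
    print("groups under narrow base:", len(subtree_search("ou=Chat," + BASE, "group")))
    for group in (f"cn=hr,{GROUPS}", f"cn=chat-admins,ou=Chat,{BASE}"):
        members, reads = expand_group(group)
        print(group, "->", len(members), "users,", reads, "reads")
```

Comparing the read count for a flat group with that for a nested one, and the result size under each base DN, gives a baseline for what the debug log should show if the search were scoped to the requested group only.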

Thanks for the reply, Todd. Is there anything we can do to narrow down the issue? For example, are there any logging options available through the configuration XML file that we can put in place to give us more information in the debug logs?

Thanks again.