Ldap server being pounded

Thanks for your help in advance!

I currently am using openfire 3.6.4 and I am having major lag issues and pounding queries to my domain controller. I am sure this has been occuring for a while but now just noticed it when running a sandbox on our production enviroment. In my test enviroment (which is a duplicate of production) I am using mysql as well as the ldap auth feature in open fire. Currently I have two users who only connect to the new openfire box built and get a average time of 15-5 minutes to receieve conversations.

Here is a debug log:

2010.05.27 09:19:22 LdapManager: Starting LDAP search…
2010.05.27 09:19:22 LdapManager: … search finished
2010.05.27 09:19:22 LdapManager: Creating a DirContext in LdapManager.getContext()…
2010.05.27 09:19:22 LdapManager: Created hashtable with context values, attempting to create context…
2010.05.27 09:19:22 LdapManager: … context created successfully, returning.
2010.05.27 09:19:22 LdapManager: Trying to find a groups’s DN based on it’s groupname. cn: Spark DS Marketing, Base DN: DC=redventures,DC=net…
2010.05.27 09:19:22 LdapManager: Creating a DirContext in LdapManager.getContext()…
2010.05.27 09:19:22 LdapManager: Created hashtable with context values, attempting to create context…
2010.05.27 09:19:22 LdapManager: … context created successfully, returning.
2010.05.27 09:19:22 LdapManager: Starting LDAP search…
2010.05.27 09:19:22 LdapManager: … search finished
2010.05.27 09:19:22 LdapManager: Trying to find a groups’s DN based on it’s groupname. cn: Spark DS Marketing, Base DN: DC=redventures,DC=net…
2010.05.27 09:19:22 LdapManager: Creating a DirContext in LdapManager.getContext()…
2010.05.27 09:19:22 LdapManager: Created hashtable with context values, attempting to create context…
2010.05.27 09:19:22 LdapManager: … context created successfully, returning.
2010.05.27 09:19:22 LdapManager: Starting LDAP search…
2010.05.27 09:19:22 LdapManager: … search finished

Someone simular is having issue and I found it out here:

http://www.igniterealtime.org/community/message/201922

I have tried the guide given and added a

ldap.encloseDNs false

under the system properties and still get the pounding. I can use tcpdump and get about 1000-+ in a minute or two once I start chatting.

I have also changed my base DN to not have " as for some reason the system added it before.

If anyone else has had this issue and found a solution please let me know. If you need additional log and information, this can be provided. I am using a sandbox so any ideas to try is great!

Thanks!

I know their isnt much support for this other than the forum. Does anyone know of a company\developer who would be willing to help with this as a paid side job ?

Here is some new information:

When I remove the packet filter rules I go from:

LdapRequest Responce time: 0 Queries : 1,714.4 CPU% 9.5

LdapRequest Responce time: 0 Queries: 12.6 CPU% 0.1

Has anyone seen this issue with this plugin before ?

Yep, started experiencing this same problem. Still trying to work through it.

Found a solution to this problem. Got in contact with the developer and he found a bug in the version that you can download. I have the new version and can send it over.

What was this fix? I’m seeing similar problems, and wondering if its related to the ever increasing memory usage im seeing, its like its going through the whole LDAP register and trying to cache every entry or something…

Hopefully you can see this. This is the path to the new packetfilter - This fixed my issue. There was a bug in the code on 2.0.2 that didnt allow the queries to get cached which would create the issues above. This has been fixed with the below .jar. This is from the developer who did an outstanding job fixing this.

Thanks!

NEWpacketFilter.jar

wow swift answer!! thanks!

bug in code on 2.0.2? what version is this related to? I thought it was 3.6.4 or is 2.0.2 some component version? also, where does this jar go? or is it an executable jar to do the update?!

thanks!!

This is related to the packetfilter plugin. If you arent using it this wont help you. Rename NewpacketFilter to PacketFilter than upload it on your plugin tab on the web interface. The current plugin is 2.0.2 this is 2.0.3.