Openfire first login slowwwww solution?

I’ve searched and found a few topics on this but did not seem to find a real solution.

Using: rhel+openldap w/proxy configuration to active directory.

Problem: first login takes 30-40 seconds.

I’ve tweaked the ldap caches as best I could but it still seems to not matter. I can run ldapsearch on the rhel host directly and they take seconds (5 or so) but openfire seems to take a LOT longer.

Any suggestions?

Actually to be clear, this is not only just the single first user login. It happens after a period of time. I am guessing some cache lifetime has expired and it refreshes from the ldap database (user/groups?).

Is there a way to alter this cycle? Make it longer? I’ve poked around and can’t seem to find a cache period option in the settings.

I had 2 users log in, 2 minutes apart, and both of them got the delayed login. Server has been up for 23+ hours. I’ll continue poking around.

I’ve performed a few more tests and it seems to indicate that “groups” might be the problem. I have 2-3 groups, with 400ish members each. When someone logs in (every 2-3 minutes) that person gets a 15-20 second login. When I clear out those groups they get in immediately.

Why when a user logs out does openfire do this:

===================================

Sep 24 22:03:45 admin6 slapd[58677]: conn=1107 op=11954 SRCH attr=uid

Sep 24 22:03:45 admin6 slapd[58677]: conn=1107 op=11955 ABANDON msg=11955

Sep 24 22:03:45 admin6 slapd[58677]: conn=1107 op=11956 SRCH base="dc=example,dc=com" scope=2 deref=3 filter="(&(cn=john w doe)(&(uid=)(uid=)))"

===================================

I will see the above when I log out for apparently every single user in the group I am in (right now I’m the only one testing this server). Right now that group is about 1k users… I am trying to figure out why this thing takes a minute+ to login.

Actually this appears to not be when a user logs out. I logged in with a second account after a long idle period and it did the same thing. My guess is it’s updating the group list?

Whenever it happens it takes a minute or so to login.

Guess no one else uses group/shared rosters with openfire and ldap. I’ll drop this… just does not work with acceptable delays.

Is it slow if you eliminate the proxy? Is it slow if you only connect to AD or only to openldap?

Unfortunately my local LDAP db is so small it really is not a valid comparison. We have 5 local users and then 1300 proxied from AD.

I can use command line ldapsearch and get all 1300+ in about 5-8 seconds so I am fairly certain proxy is fine.
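
To check from the slapd log whether a slow login lines up with one search per group member, as the excerpt earlier in the thread suggests, the SRCH requests can be counted per connection and minute. This is an added example, not part of the original posts or of Openfire; the function names, the threshold and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# slapd syslog line: "<Mon DD HH:MM:SS> <host> slapd[pid]: conn=N op=M <VERB> ..."
LINE = re.compile(
    r'^(?P<minute>\w{3}\s+\d+\s+\d\d:\d\d):\d\d\s+\S+\s+slapd\[\d+\]:\s+'
    r'conn=(?P<conn>\d+)\s+op=\d+\s+(?P<verb>SRCH|ABANDON)\b(?P<rest>.*)$')
FILTER = re.compile(r'filter="([^"]*)"')

def search_bursts(lines, threshold=3):
    """Count searches per (connection, minute); return the buckets with at
    least `threshold` searches (assumed cut-off), busiest first."""
    buckets = defaultdict(lambda: {"searches": 0, "abandons": 0, "filters": set()})
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # blank lines, separators, other log sources
        b = buckets[(int(m["conn"]), m["minute"])]
        f = FILTER.search(m["rest"])
        if m["verb"] == "ABANDON":
            b["abandons"] += 1
        elif f:  # "SRCH base=... filter=..." is the request itself
            b["searches"] += 1
            b["filters"].add(f.group(1))
        # "SRCH attr=..." only lists requested attributes, so it is skipped
    bursts = [{"conn": c, "minute": t, "searches": b["searches"],
               "abandons": b["abandons"], "distinct_filters": len(b["filters"])}
              for (c, t), b in buckets.items() if b["searches"] >= threshold]
    return sorted(bursts, key=lambda r: r["searches"], reverse=True)

def sample_log(members=5):
    """Constructed lines modelled on the excerpt: one lookup per group member."""
    head = "Sep 24 22:03:45 admin6 slapd[58677]: conn=1107 "
    lines = []
    for i in range(members):
        lines += [
            f'{head}op={3 * i} SRCH base="dc=example,dc=com" scope=2 deref=3 '
            f'filter="(cn=member {i})"',
            f"{head}op={3 * i} SRCH attr=uid",
            f"{head}op={3 * i + 1} ABANDON msg={3 * i + 1}",
        ]
    # An unrelated single lookup on another connection (constructed).
    lines.append('Sep 24 22:03:50 admin6 slapd[58677]: conn=1200 op=1 SRCH '
                 'base="dc=example,dc=com" scope=2 deref=3 filter="(uid=jdoe)"')
    return lines

if __name__ == "__main__":
    for row in search_bursts(sample_log()):
        print(row)
```

A bucket whose search count and distinct filter count both track the size of the group is the per-member lookup pattern described in the thread; a single connection with only a handful of searches is ordinary login traffic.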