I’ve searched and found a few topics on this but did not seem to find a real solution.
Using: rhel+openldap w/proxy configuration to active directory.
Problem: first login takes 30-40 seconds.
I’ve tweaked the ldap caches as best I could but it still seems to not matter. I can run ldapsearch on the rhel host directly and they take seconds (5 or so) but openfire seems to take a LOT longer.
Actually to be clear, this is not only just the single first user login. It happens after a period of time. I am guessing some cache lifetime has expired and it refreshes from the ldap database (user/groups?).
Is there a way to alter this cycle? Make it longer? I’ve poked around and can’t seem to find a cache period option in the settings.
I had 2 users login, 2 minutes apart and both of them got the delayed login. Server has been up for 23+ hours. I’ll continue poking around.
I’ve performed a few more tests and it seems to indicate that “groups” might be the problem. I have 2-3 groups, with 400ish members each. When someone logs in (every 2-3 minutes) that person gets 15-20 second login. When I clear out those groups they get in immediately.
I will see the above when I logout for apparently every single user in the group I am in (right now im the only one testing this server). Right now that group is about 1k users… I am trying to figure out why this thing takes a minute+ to login.
Actually this appears to not be when a user logs out. I logged in with a second account after a long idle period and it did the same thing. My guess is it’s updating the group list?
Whenever it happens it takes a minute or so to login.