powered by Jive Software

Openfire first login slowwwww solution?

I’ve searched and found a few topics on this but did not seem to find a real solution.

Using: rhel+openldap w/proxy configuration to active directory.

Problem: first login takes 30-40 seconds.

I’ve tweaked the ldap caches as best I could but it still seems to not matter. I can run ldapsearch on the rhel host directly and they take seconds (5 or so) but openfire seems to take a LOT longer.

Any suggestions?

Actually to be clear, this is not only just the single first user login. It happens after a period of time. I am guessing some cache lifetime has expired and it refreshes from the ldap database (user/groups?).

Is there a way to alter this cycle? Make it longer? I’ve poked around and can’t seem to find a cache period option in the settings.

I had 2 users login, 2 minutes apart and both of them got the delayed login. Server has been up for 23+ hours. I’ll continue poking around.

I’ve performed a few more tests and it seems to indicate that “groups” might be the problem. I have 2-3 groups, with 400ish members each. When someone logs in (every 2-3 minutes) that person gets 15-20 second login. When I clear out those groups they get in immediately.

Why when a user logs out does openfire do this:


Sep 24 22:03:45 admin6 slapd[58677]: conn=1107 op=11954 SRCH attr=uid

Sep 24 22:03:45 admin6 slapd[58677]: conn=1107 op=11955 ABANDON msg=11955

Sep 24 22:03:45 admin6 slapd[58677]: conn=1107 op=11956 SRCH base=“dc=example,dc=com” scope=2 deref=3 filter="(&(cn=john w doe)(&(uid=)(uid=)))"


I will see the above when I logout for apparently every single user in the group I am in (right now im the only one testing this server). Right now that group is about 1k users… I am trying to figure out why this thing takes a minute+ to login.

Actually this appears to not be when a user logs out. I logged in with a second account after a long idle period and it did the same thing. My guess is it’s updating the group list?

Whenever it happens it takes a minute or so to login.

Guess no one else uses group/shared rosters with openfire and ldap. I’ll drop this… just does not work with acceptable delays.

Is it slow if you eliminate the proxy? Is it slow if you only connect to AD or only to openlap

Unfortunately my local LDAP db is so small it really is not a valid comparison. We have 5 local users and then 1300 proxied from AD.

I can use command line ldapsearch and get all 1300+ in about 5-8 seconds so I am fairly certain proxy is fine.