4 Sep
2012
4 Sep
'12
2:50 p.m.
Hi. I have an Xwiki Enterprise 3.4 installation and I'm studying the
integration with LDAP.
I managed to configure the authentication, I created the users and
mapped the groups with the LDAP server.
But I noticed that the performance dropped dramatically when using
LDAP auth, in comparison with local users, specifically it takes
around 10 seconds to access a page (down from <3sec).
So, I started monitoring the traffic between the xwiki machine and the
LDAP machine with tshark and I noticed that every time I click a link
in xwiki, there is a lot of traffic with LDAP. Is there some way to
improve this behaviour (I really don't understand why xwiki needs to
talk with the LDAP server on every page request...)? I see that this
is not a new issue [1], [2]. I also tried setting
xwiki.authentication.always=0 in xwiki.cfg but I didn't notice any
change (it being set to 0 by default already...). Would upgrading to
the latest stable version improve the situation?
1. http://lists.xwiki.org/pipermail/users/2011-April/019745.html
2. http://jira.xwiki.org/browse/XWIKI-2516
Thanks for your time.
--
Fita Adrian
5 Sep
5 Sep
6:54 p.m.
New subject: [xwiki-users] xwiki talks with the LDAP server for every page access
Hi,
You are probably experiencing the issue describe in XWIKI-3469 (
http://jira.xwiki.org/browse/XWIKI-3469).
If you have usernames with dots and some flexibility on your LDAP, a
partial workaround could to add in xwiki.cfg:
xwiki.authentication.convertemail=2
This will convert usernames containing dots (and @), into usernames with
underscores (John.Doe => John_Doe).
Since this cleanup is done earlier, it may improve this issue if user
respect their name properly and your ldap is adapted.
Regards,
On Tue, Sep 4, 2012 at 2:50 PM, Adrian Fita <adrian.fita(a)gmail.com> wrote:
Hi. I have an Xwiki Enterprise 3.4 installation and
I'm studying the
integration with LDAP.
I managed to configure the authentication, I created the users and
mapped the groups with the LDAP server.
But I noticed that the performance dropped dramatically when using
LDAP auth, in comparison with local users, specifically it takes
around 10 seconds to access a page (down from <3sec).
So, I started monitoring the traffic between the xwiki machine and the
LDAP machine with tshark and I noticed that every time I click a link
in xwiki, there is a lot of traffic with LDAP. Is there some way to
improve this behaviour (I really don't understand why xwiki needs to
talk with the LDAP server on every page request...)? I see that this
is not a new issue [1], [2]. I also tried setting
xwiki.authentication.always=0 in xwiki.cfg but I didn't notice any
change (it being set to 0 by default already...). Would upgrading to
the latest stable version improve the situation?
1. http://lists.xwiki.org/pipermail/users/2011-April/019745.html
2. http://jira.xwiki.org/browse/XWIKI-2516
Thanks for your time.
--
Fita Adrian
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
--
Denis Gervalle
SOFTEC sa - CEO
eGuilde sarl - CTO
8:13 p.m.
New subject: [xwiki-users] xwiki talks with the LDAP server for every page access
Thanks for the suggestion, but it doesn't seem to help. The users in
my LDAP contain indeed a dot in the uid.
So, I put xwiki.authentication.convertemail=2 in xwiki.conf and
the authentication failed. I monitored the LDAP communication with the
"LDAP debugging" settings in
classes/logback.xml and noticed that the uid that is sent to LDAP
contains "_" instead of "." (dot).
So using this conf setting, would mean transforming the
uids in LDAP to a format with underscores ("_") instead of dots
("."),
which is not possible.
--
Fita Adrian
On Wed, Sep 5, 2012 at 7:54 PM, Denis Gervalle <dgl(a)softec.lu> wrote:
Hi,
You are probably experiencing the issue describe in XWIKI-3469 (
http://jira.xwiki.org/browse/XWIKI-3469).
If you have usernames with dots and some flexibility on your LDAP, a
partial workaround could to add in xwiki.cfg:
xwiki.authentication.convertemail=2
This will convert usernames containing dots (and @), into usernames with
underscores (John.Doe => John_Doe).
Since this cleanup is done earlier, it may improve this issue if user
respect their name properly and your ldap is adapted.
Regards,
On Tue, Sep 4, 2012 at 2:50 PM, Adrian Fita <adrian.fita(a)gmail.com> wrote:
Hi. I have an Xwiki Enterprise 3.4 installation
and I'm studying the
integration with LDAP.
I managed to configure the authentication, I created the users and
mapped the groups with the LDAP server.
But I noticed that the performance dropped dramatically when using
LDAP auth, in comparison with local users, specifically it takes
around 10 seconds to access a page (down from <3sec).
So, I started monitoring the traffic between the xwiki machine and the
LDAP machine with tshark and I noticed that every time I click a link
in xwiki, there is a lot of traffic with LDAP. Is there some way to
improve this behaviour (I really don't understand why xwiki needs to
talk with the LDAP server on every page request...)? I see that this
is not a new issue [1], [2]. I also tried setting
xwiki.authentication.always=0 in xwiki.cfg but I didn't notice any
change (it being set to 0 by default already...). Would upgrading to
the latest stable version improve the situation?
1. http://lists.xwiki.org/pipermail/users/2011-April/019745.html
2. http://jira.xwiki.org/browse/XWIKI-2516
Thanks for your time.
--
Fita Adrian
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
--
Denis Gervalle
SOFTEC sa - CEO
eGuilde sarl - CTO
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
6 Sep
6 Sep
10:15 a.m.
New subject: [xwiki-users] xwiki talks with the LDAP server for every page access
Le mercredi 5 septembre 2012, Adrian Fita a écrit :
Thanks for the suggestion, but it doesn't seem to
help. The users in
my LDAP contain indeed a dot in the uid.
So, I put xwiki.authentication.convertemail=2 in xwiki.conf and
the authentication failed. I monitored the LDAP communication with the
"LDAP debugging" settings in
classes/logback.xml and noticed that the uid that is sent to LDAP
contains "_" instead of "." (dot).
So using this conf setting, would mean transforming the
uids in LDAP to a format with underscores ("_") instead of dots
("."),
which is not possible.
This precisely the purpose of it. And this is what I mean by having some
flexibility with your LDAP.
The issue we have is that the username logged in by the LDAP authentication
differ from the username entered at the prompt. My suggested workaround
until a fix is available is therefore to avoid that discrepancy by
authenticating John_Doe when the user enter John.Doe .
You may use a different field in your LDAP to contain these modified names,
and configure XWiki to use that field to find the User DN. The
authentication may still be done against the same DN. But you need some
tuning and modification in your LDAP anyway.
Hope this helps,
--
Fita Adrian
On Wed, Sep 5, 2012 at 7:54 PM, Denis Gervalle <dgl(a)softec.lu> wrote:
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
--
Denis Gervalle
SOFTEC sa - CEO
eGuilde sarl - CTO
Hi,
You are probably experiencing the issue describe in XWIKI-3469 (
http://jira.xwiki.org/browse/XWIKI-3469).
If you have usernames with dots and some flexibility on your LDAP, a
partial workaround could to add in xwiki.cfg:
xwiki.authentication.convertemail=2
This will convert usernames containing dots (and @), into usernames with
underscores (John.Doe => John_Doe).
Since this cleanup is done earlier, it may improve this issue if user
respect their name properly and your ldap is adapted.
Regards,
On Tue, Sep 4, 2012 at 2:50 PM, Adrian Fita <adrian.fita(a)gmail.com>
wrote:
Hi. I have an Xwiki Enterprise 3.4 installation
and I'm studying the
integration with LDAP.
I managed to configure the authentication, I created the users and
mapped the groups with the LDAP server.
But I noticed that the performance dropped dramatically when using
LDAP auth, in comparison with local users, specifically it takes
around 10 seconds to access a page (down from <3sec).
So, I started monitoring the traffic between the xwiki machine and the
LDAP machine with tshark and I noticed that every time I click a link
in xwiki, there is a lot of traffic with LDAP. Is there some way to
improve this behaviour (I really don't understand why xwiki needs to
talk with the LDAP server on every page request...)? I see that this
is not a new issue [1], [2]. I also tried setting
xwiki.authentication.always=0 in xwiki.cfg but I didn't notice any
change (it being set to 0 by default already...). Would upgrading to
the latest stable version improve the situation?
1. http://lists.xwiki.org/pipermail/users/2011-April/019745.html
2. http://jira.xwiki.org/browse/XWIKI-2516
Thanks for your time.
--
Fita Adrian
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
--
Denis Gervalle
SOFTEC sa - CEO
eGuilde sarl - CTO
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
4446
days inactive
4448
days old
3 comments
2 participants
participants (2)
-
Adrian Fita -
Denis Gervalle