LDAP (AD) Login takes [filtered out] secods

Home Forums Troubleshooting Generic Help LDAP (AD) Login takes [filtered out] secods

Viewing 13 posts - 1 through 13 (of 13 total)
  • Author
    Posts
  • #45026
    #63000
    Profile photo of abolfazl
    Anonymous

    double07, are you using LDAP authentication with any other service and can verify that it’s working correctly? What’s your configuration for LDAP authentication with Ajaxplorer? Maybe you have something wrong there… I don’t know, these are just ideas to look into. You might need to give a little more about your setup to go off of. The delay could be a DNS issue if that’s in the mix.

    The Ajaxplorer admin is a local user and so it’s not a surprise that it logs in right away; just points to the fact that there’s an issue with the LDAP config/settings.

    I have seen what you described with the username in the “logged as” but that was when my LDAP settings weren’t working right. Other than that I can’t say much about it.


    #63064
    Profile photo of abolfazl
    Anonymous

    Hi Kmauser… well ldap was working ok on our intranet login… either way I restarted the server ajaxplorer is hosted on which is difficult because it’s a production server and now the login is working very fast again. I’ll put it down to some apache session weirdness at this point I think.

    Thanks for your help.


    #63066
    Profile photo of abolfazl
    Anonymous

    Well spoke too soon, it’s happening again!

    Here’s my Auth config if that helps:
    “AUTH_DRIVER” => array(
    “NAME” => “multi”,
    “OPTIONS” => array(
    //”MODE” => “MASTER_SLAVE”,
    “MASTER_DRIVER” => ‘serial’,
    “SLAVE_DRIVER” => ‘ldap’,
    “USER_BASE_DRIVER” => “serial”,
    “USER_ID_SEPARATOR” => ‘_-_’,
    “TRANSMIT_CLEAR_PASS” => true,
    “DRIVERS” => array(
    “ldap” => array(
    “NAME” => “ldap”,
    “LABEL” => “Intranet Login”,
    “OPTIONS” => array(
    “LDAP_URL” => “ldap://192.168…..”,
    “LDAP_PORT” => “389”,
    “LDAP_USER” => “…”,
    “LDAP_PASSWORD” => ‘….’,
    “LDAP_USERATTR” => “samaccountname”,
    “AUTOCREATE_AJXPUSER” => true
    )
    ),
    “serial” => array(
    “NAME” => “serial”,
    “LABEL” => “Ajaxplorer”,
    “OPTIONS” => array(
    “LOGIN_REDIRECT” => false,
    “USERS_FILEPATH” => “AJXP_DATA_PATH/plugins/auth.serial/users.ser”,
    “AUTOCREATE_AJXPUSER” => false,
    “FAST_CHECKS” => false
    )
    )
    )
    )
    ),


    #63076
    Profile photo of Charles
    Charles
    Keymaster

    I doubt it has anything to do with your config, would suspect the underlying php/ldap connexion…. Can you reproduce the problem on a non-production server on which I could take an eye?


    Charles, Pydio author - doing my best to help !
    If you like the software or want to say thanks, pay by a tweet, mention #pydio or follow us

    #63102
    Profile photo of abolfazl
    Anonymous

    @double07, I’m going to ask a lot of questions – so please forgive me as some of these are to clarify things for me or they’re things you have probably already thought to investigate – but if you’re able to talk/walk through it with us and/or charles is able to take a look we all can figure it out together.

    So, to start off, can you describe your LDAP setup some more? Do you have a really big directory tree? What are you running this on: Linux/Mac/Windows? What version of LDAP are you using? You’re using the same settings between the intranet login for LDAP and Ajaxplorer LDAP authentication, aren’t you? (Dumb/annoying question, I know…)

    Is ajaxplorer on the same host as your LDAP server? If so, have you tried using localhost rather than the IP address (192.168….)? If the settings aren’t the same as the intranet login, could there be any firewall issues?

    Do all your LDAP logins into Ajaxplorer take 30-40 seconds? In other words if the LDAP same user logs in, logs out, and logs in again, what happens? Is the second login any faster?

    Do you have any local ajaxplorer users that are the same as LDAP users?

    Can you rule out any DNS issues?


    #63108
    Profile photo of abolfazl
    Anonymous

    Weird… I came in this morning, worked fine for about 30 mins then went back to the long login.

    Bear with me guys, what I’m going to do is move this installation to a new server (which I intended to do anyway but I’ll bring it forward). It will take me a few days to organise but if it keeps happening on the new server then we can troubleshoot it further then.

    I’ll report back when it’s on the new server.

    Thanks for your assistance so far.


    #63538
    Profile photo of abolfazl
    Anonymous

    Any updates on this topic?


    #63732
    Profile photo of abolfazl
    Anonymous

    Appologies for the lack of updates on this issue. I finally managed to get it on a new box on Friday. It’s a similar, not quite identical box running Win7 + Wamp server.

    Unfortunately the 30-40 secs login perists a lot of the time on this box also. It works normally sometimes but not others, seems pretty random. When it takes a long time to login the user is logged in as “username” rather than “ldap_-_username” as mentioned before.

    Kmauser I’ll answer your questions as best I can:
    “So, to start off, can you describe your LDAP setup some more? Do you have a really big directory tree? What are you running this on: Linux/Mac/Windows? What version of LDAP are you using? You’re using the same settings between the intranet login for LDAP and Ajaxplorer LDAP authentication, aren’t you? (Dumb/annoying question, I know…)”

    It’s an Active Directory server hosted on a separate Server 2008 box on the same network. The intranet server where ajaxplorer is hosted is running Win7 Pro + WAMP server (Apache 2.2, PHP 5.3.13). Yes we’re using the same settings between the intranet server and ajaxplorer config.

    “Is ajaxplorer on the same host as your LDAP server? If so, have you tried using localhost rather than the IP address (192.168….)? If the settings aren’t the same as the intranet login, could there be any firewall issues?”

    No ajaxplorer is installed on a different server to the LDAP/AD server.

    “Do all your LDAP logins into Ajaxplorer take 30-40 seconds? In other words if the LDAP same user logs in, logs out, and logs in again, what happens? Is the second login any faster?”

    It depends, it seems random, most of the time logging out and loggin back in results in a 30-40 second login period. Then all of a sudden it will start working normally for everyone for a while then it stops again.

    “Do you have any local ajaxplorer users that are the same as LDAP users?”

    No.

    “Can you rule out any DNS issues? “

    Well I have it set to connect to IP address so not sure if relevant?

    Thanks.


    #63920
    Profile photo of abolfazl
    Anonymous

    Any feedback on this? Since moving to the new server the ldap login takes more like 1.5 minutes!


    #109742
    Profile photo of abolfazl
    Anonymous

    I am having a similar problem on a fresh installation. When I enable LDAP, it takes a couple of minutes for the “Test LDAP” to work and it comes back successful. I can login with a user from LDAP but it takes a couple of minutes. If I remove the LDAP authentication, everything is fast again with my database users.
    I have another PHP application using LDAP on a different server on the same subnet and through the same firewall and it’s very fast.
    php56u-ldap-5.6.30-2.ius.centos7.x86_64

    Dave Jones


    #109834
    Profile photo of abolfazl
    Anonymous

    I ran a tcpdump to a pcap file and opened it with Wireshark. The bindRequest, searchRequest, and searchRedEntry are successful in 5 ms but something is waiting on the Pydio server side for 127 seconds before the unbindRequest is issued and the connection closed.


    #109854
    Profile photo of abolfazl
    Anonymous

    Is there someone has free time to help me to open a Teamviewer so that I can do the debug with you?
    Please send me via tran@pydio.com


Viewing 13 posts - 1 through 13 (of 13 total)

The forum ‘Generic Help’ is closed to new topics and replies.