LDAP (AD) Login takes [filtered out] seconds
March 17, 2013 at 8:58 pm #45026
Had ajaxplorer working near perfectly until late last week… Noticed some encoding wasn’t set right in PHP/repository setup so I fixed that (just changed to UTF-8). Now after submitting the LDAP/AD login credentials it just sits there for about 30-40 seconds before logging in and everything works OK. I tried reversing the encoding changes but that didn’t make any difference so I suspect it wasn’t anything to do with that. Also, if I login as the ajaxplorer admin it works straight away.
Browser debug just shows it’s waiting for response. Though I have LDAP login working on intranet site located on same server which signs in instantly so I don’t think it’s a connection issue between web server and ldap server.
I’ve also noticed sometimes when it does eventually login, “logged as” doesn’t show up correctly either, it just shows “logged as username” but should say “logged as ldap_-_username”. Possibly related when this happens the POST request for login never actually completes (according to firebug) even though it still logs in?
Anybody have any ideas?
March 17, 2013 at 11:14 pm #63000
double07, are you using LDAP authentication with any other service and can verify that it’s working correctly? What’s your configuration for LDAP authentication with Ajaxplorer? Maybe you have something wrong there… I don’t know, these are just ideas to look into. You might need to give a little more about your setup to go off of. The delay could be a DNS issue if that’s in the mix.
The Ajaxplorer admin is a local user and so it’s not a surprise that it logs in right away; just points to the fact that there’s an issue with the LDAP config/settings.
I have seen what you described with the username in the “logged as” but that was when my LDAP settings weren’t working right. Other than that I can’t say much about it.
March 18, 2013 at 6:35 pm #63064
Hi Kmauser… well ldap was working ok on our intranet login… either way I restarted the server ajaxplorer is hosted on which is difficult because it’s a production server and now the login is working very fast again. I’ll put it down to some apache session weirdness at this point I think.
Thanks for your help.
March 18, 2013 at 9:04 pm #63066
Well spoke too soon, it’s happening again!
Here’s my Auth config if that helps:
"AUTH_DRIVER" => array(
    "NAME" => "multi",
    "OPTIONS" => array(
        //"MODE" => "MASTER_SLAVE",
        "MASTER_DRIVER" => 'serial',
        "SLAVE_DRIVER" => 'ldap',
        "USER_BASE_DRIVER" => "serial",
        "USER_ID_SEPARATOR" => '_-_',
        "TRANSMIT_CLEAR_PASS" => true,
        "DRIVERS" => array(
            "ldap" => array(
                "NAME" => "ldap",
                "LABEL" => "Intranet Login",
                "OPTIONS" => array(
                    "LDAP_URL" => "ldap://192.168…..",
                    "LDAP_PORT" => "389",
                    "LDAP_USER" => "…",
                    "LDAP_PASSWORD" => '….',
                    "LDAP_USERATTR" => "samaccountname",
                    "AUTOCREATE_AJXPUSER" => true
                )
            ),
            "serial" => array(
                "NAME" => "serial",
                "LABEL" => "Ajaxplorer",
                "OPTIONS" => array(
                    "LOGIN_REDIRECT" => false,
                    "USERS_FILEPATH" => "AJXP_DATA_PATH/plugins/auth.serial/users.ser",
                    "AUTOCREATE_AJXPUSER" => false,
                    "FAST_CHECKS" => false
                )
            )
        )
    )
)
March 19, 2013 at 5:02 am #63076
I doubt it has anything to do with your config, would suspect the underlying php/ldap connection…. Can you reproduce the problem on a non-production server on which I could take a look?
Charles, Pydio author - doing my best to help !
March 19, 2013 at 12:57 pm #63102
@double07, I’m going to ask a lot of questions – so please forgive me as some of these are to clarify things for me or they’re things you have probably already thought to investigate – but if you’re able to talk/walk through it with us and/or charles is able to take a look we all can figure it out together.
So, to start off, can you describe your LDAP setup some more? Do you have a really big directory tree? What are you running this on: Linux/Mac/Windows? What version of LDAP are you using? You’re using the same settings between the intranet login for LDAP and Ajaxplorer LDAP authentication, aren’t you? (Dumb/annoying question, I know…)
Is ajaxplorer on the same host as your LDAP server? If so, have you tried using localhost rather than the IP address (192.168….)? If the settings aren’t the same as the intranet login, could there be any firewall issues?
Do all your LDAP logins into Ajaxplorer take 30-40 seconds? In other words if the same LDAP user logs in, logs out, and logs in again, what happens? Is the second login any faster?
Do you have any local ajaxplorer users that are the same as LDAP users?
Can you rule out any DNS issues?
March 19, 2013 at 6:33 pm #63108
Weird… I came in this morning, worked fine for about 30 mins then went back to the long login.
Bear with me guys, what I’m going to do is move this installation to a new server (which I intended to do anyway but I’ll bring it forward). It will take me a few days to organise but if it keeps happening on the new server then we can troubleshoot it further then.
I’ll report back when it’s on the new server.
Thanks for your assistance so far.
April 8, 2013 at 12:57 pm #63538
Any updates on this topic?
April 21, 2013 at 9:36 pm #63732
Apologies for the lack of updates on this issue. I finally managed to get it on a new box on Friday. It’s a similar, not quite identical box running Win7 + Wamp server.
Unfortunately the 30-40 secs login persists a lot of the time on this box also. It works normally sometimes but not others, seems pretty random. When it takes a long time to login the user is logged in as “username” rather than “ldap_-_username” as mentioned before.
Kmauser I’ll answer your questions as best I can:
“So, to start off, can you describe your LDAP setup some more? Do you have a really big directory tree? What are you running this on: Linux/Mac/Windows? What version of LDAP are you using? You’re using the same settings between the intranet login for LDAP and Ajaxplorer LDAP authentication, aren’t you? (Dumb/annoying question, I know…)”
It’s an Active Directory server hosted on a separate Server 2008 box on the same network. The intranet server where ajaxplorer is hosted is running Win7 Pro + WAMP server (Apache 2.2, PHP 5.3.13). Yes we’re using the same settings between the intranet server and ajaxplorer config.
“Is ajaxplorer on the same host as your LDAP server? If so, have you tried using localhost rather than the IP address (192.168….)? If the settings aren’t the same as the intranet login, could there be any firewall issues?”
No, ajaxplorer is installed on a different server to the LDAP/AD server.
“Do all your LDAP logins into Ajaxplorer take 30-40 seconds? In other words if the LDAP same user logs in, logs out, and logs in again, what happens? Is the second login any faster?”
It depends, it seems random, most of the time logging out and logging back in results in a 30-40 second login period. Then all of a sudden it will start working normally for everyone for a while then it stops again.
“Do you have any local ajaxplorer users that are the same as LDAP users?”
“Can you rule out any DNS issues?”
Well I have it set to connect to IP address so not sure if relevant?
May 1, 2013 at 9:32 pm #63920
Any feedback on this? Since moving to the new server the ldap login takes more like 1.5 minutes!
May 5, 2017 at 9:34 pm #109742
I am having a similar problem on a fresh installation. When I enable LDAP, it takes a couple of minutes for the “Test LDAP” to work and it comes back successful. I can login with a user from LDAP but it takes a couple of minutes. If I remove the LDAP authentication, everything is fast again with my database users.
I have another PHP application using LDAP on a different server on the same subnet and through the same firewall and it’s very fast.
May 8, 2017 at 6:27 pm #109834
I ran a tcpdump to a pcap file and opened it with Wireshark. The bindRequest, searchRequest, and searchResEntry are successful in 5 ms but something is waiting on the Pydio server side for 127 seconds before the unbindRequest is issued and the connection closed.
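Added example, not part of the original thread and not Pydio/AjaXplorer code: a standalone PHP script that times each LDAP call separately, so a stall like the one seen in the capture above can be pinned to the bind, the search or the unbind on the web server. The URL, bind DN, base DN and login are placeholders, and running it once with referral following on and once with it off is an assumption about what is worth comparing against Active Directory, not a diagnosis from this thread.

```php
<?php
// Added diagnostic sketch, not Pydio/AjaXplorer code. The URL, bind DN,
// base DN and login are placeholders (assumptions); replace them locally.
$cfg = array(
    'url'      => 'ldap://ldap.example.internal:389',
    'bind_dn'  => 'CN=svc-bind,OU=Service,DC=example,DC=internal',
    'bind_pw'  => getenv('LDAP_BIND_PW'),   // keep the secret out of the file
    'base_dn'  => 'DC=example,DC=internal',
    'userattr' => 'samaccountname',         // attribute from the posted config
    'login'    => 'testuser',
);

// Run one step, print its wall-clock time, and return its result.
function timed($label, $fn) {
    $t0 = microtime(true);
    $result = $fn();
    printf("%-8s %9.1f ms  %s\n", $label, (microtime(true) - $t0) * 1000,
           $result === false ? 'FAILED' : 'ok');
    return $result;
}

// Escape RFC 4515 filter metacharacters (ldap_escape() needs PHP 5.6+).
function filter_escape($value) {
    return str_replace(array('\\', '*', '(', ')', "\0"),
                       array('\\5c', '\\2a', '\\28', '\\29', '\\00'), $value);
}

function probe($cfg, $referrals) {
    echo "--- LDAP_OPT_REFERRALS=$referrals ---\n";
    $ds = ldap_connect($cfg['url']);        // only parses the URL, no I/O yet
    if ($ds === false) { echo "bad LDAP URL\n"; return; }
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, $referrals);
    ldap_set_option($ds, LDAP_OPT_NETWORK_TIMEOUT, 10);  // seconds
    $bound = timed('bind', function () use ($ds, $cfg) {
        return @ldap_bind($ds, $cfg['bind_dn'], $cfg['bind_pw']);
    });
    if ($bound) {
        $filter = '(' . $cfg['userattr'] . '=' . filter_escape($cfg['login']) . ')';
        timed('search', function () use ($ds, $cfg, $filter) {
            return @ldap_search($ds, $cfg['base_dn'], $filter, array('dn'));
        });
    }
    timed('unbind', function () use ($ds) { return @ldap_unbind($ds); });
}

probe($cfg, 1);  // follow referrals
probe($cfg, 0);  // do not follow referrals
```

Run it from the command line on the web server with `LDAP_BIND_PW` set in the environment; a step that takes seconds rather than milliseconds is the one to investigate further.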
May 9, 2017 at 12:43 pm #109854
Is there someone who has free time to help me open a TeamViewer session so that I can do the debug with you?
Please send me via firstname.lastname@example.org