[horde] Long Pause in AD Auth
Senandung Mendonan
mendonan at gmail.com
Thu Feb 23 19:55:08 PST 2006
Dear list,
I'm running Horde-3.1-RC3 on Apache-2.0.55, PHP-4.4.2, OpenLDAP-2.2.30 libs,
MySQL-4.1.16, on a FreeBSD-5.2.1 system. I authenticate straight to a remote
Active Directory Service running on an up-to-date Windows 2003 Server, in
order to take advantage of (1) AD Users and Groups Management & Permissions
Scheme for Shared Calendar etc. (2) AD Password Change via passwd module .
Authentication to Horde is OK, however, following each successful
authentication, Horde pauses for a few minutes (close to 5 minutes in some
cases!) before finally displaying the sidebar and portal layout. tcpdump and
Apache/PHP/Horde/MySQL logs on Horde server side yields nothing being sent
or received or in operation during this long pause. However prior to the
pause I detected some weird LDAP operation going on to subtree
CN=Configuration,DC=domain,DC=com.
I also discovered a few issues with certain Windows AD structure, and did
workarounds, as mentioned (along with my horde config) below. Appreciate any
pointers -- thanks.
My Horde Config (relevant/non-default ones only):-
$conf['auth']['params']['hostspec'] = '10.1.1.1';
$conf['auth']['params']['basedn'] = 'dc=domain,dc=com';
$conf['auth']['params']['binddn'] = 'cn=LDAP
Admin,cn=Users,dc=domain,dc=com';
$conf['auth']['params']['password'] = 'siamang';
$conf['auth']['params']['version'] = '3';
$conf['auth']['params']['ad'] = true;
$conf['auth']['params']['uid'] = 'samaccountname';
$conf['auth']['params']['encryption'] = 'msad';
$conf['auth']['params']['newuser_objectclass'] = array('top', 'person',
'organizationalPerson', 'user');
$conf['auth']['params']['objectclass'] = array('user');
$conf['auth']['params']['filter_type'] = 'objectclass';
$conf['auth']['params']['password_expiration'] = 'no';
$conf['auth']['driver'] = 'ldap';
In addition, my users are divided across different OU, so I had to set
basedn to the base DN (dc=domain,dc=com). In order to get horde AD
authentication to work I had to copy paste the referral rebinding stuff from
Horde LDAP prefs, as AD will return a referral back during initial search.
(Patch available upon request). However, this issue does not have anything
to do with the problem I'm facing (the long pause after authenticating), as
that happens regardless whether I set the basedn in the base DN (i.e. with
referral) or in a subtree (i.e. no referrals).
Thanks.
--
--mendonan
"Yang mimpikan secangkir kopi panas dengan selimut.."
(Dreaming of a cup of hot coffee, and a blanket..")
More information about the horde
mailing list