[horde] Performance Problem with LDAP Groups

Klaus Steinberger klaus.steinberger at Physik.Uni-Muenchen.DE
Thu Dec 29 11:07:09 UTC 2011


we discovered a massive performance problem with LDAP groups.

The main problem seems to be related to "attrisdn" parameter in the horde LDAP
groups settings. We need this setting as in Novell edirectory the group
membership is a full DN in the "member" attribute in the group.
It looks like horde scans for the group membership for every entry in a calender
which is shared by group.

A calender share with a reasonable number of entries takes minutes to show up if
shared by group.

A calender shared by user shows up more or less immediately.

The group caching in horde is switched on!

Second problem:  the search for the user DN uses the search base given by the
group driver parameters. So we have to use the full tree as search base inside
the group drivers. But as we have groups for many other purposes besides the
relevant part of the directory for horde, this deteriorates the problem
massively as many unneccessary groups are found.

So I think there should be somewhere also a parameter for the User Search base.

I also thought about switching to pam authentication to work around this
problem, but it looks like horde has no driver for reading groups from
/etc/group (or NSS) ?

I did setup a bug report about this problem, but got no answer until yet:
Ticket #10882

We would appreciate any help in this case, as it is currently our show stopper
for upgrading our webmail server for 3500 users from Horde 3 to Horde 4.


Rechnerbetriebsgruppe / IT, Fakultät für Physik
Klaus Steinberger
FAX: +49 89 28914280
Tel: +49 89 28914287
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x7FC1E68A.asc
Type: application/pgp-keys
Size: 6692 bytes
Desc: not available
URL: <http://lists.horde.org/archives/horde/attachments/20111229/90f00b6d/attachment-0001.bin>

More information about the horde mailing list