[horde] Performance Problem with LDAP Groups

Gunnar Wrobel wrobel at pardus.de
Tue Jan 3 09:21:38 UTC 2012


Hi Klaus,

Quoting Klaus Steinberger <klaus.steinberger at Physik.Uni-Muenchen.DE>:

> Hi,
>
> we discovered a massive performance problem with LDAP groups.
>
> The main problem seems to be related to "attrisdn" parameter in the  
> horde LDAP
> groups settings. We need this setting as in Novell edirectory the group
> membership is a full DN in the "member" attribute in the group.
> It looks like horde scans for the group membership for every entry  
> in a calender
> which is shared by group.
>
> A calender share with a reasonable number of entries takes minutes  
> to show up if
> shared by group.
>
> A calender shared by user shows up more or less immediately.
>
> The group caching in horde is switched on!

The group handling saw a major refactoring for Horde 4. Unfortunately  
the time was too short to get the caching back in. So your analysis is  
probably correct and you can expect some performance issues in that  
area. This is on our todo list.

>
> Second problem:  the search for the user DN uses the search base given by the
> group driver parameters. So we have to use the full tree as search  
> base inside
> the group drivers. But as we have groups for many other purposes besides the
> relevant part of the directory for horde, this deteriorates the problem
> massively as many unneccessary groups are found.
>
> So I think there should be somewhere also a parameter for the User  
> Search base.
>
> I also thought about switching to pam authentication to work around this
> problem, but it looks like horde has no driver for reading groups from
> /etc/group (or NSS) ?
>
>
> I did setup a bug report about this problem, but got no answer until yet:
> Ticket #10882

I'll comment on it now.

>
>
> We would appreciate any help in this case, as it is currently our  
> show stopper
> for upgrading our webmail server for 3500 users from Horde 3 to Horde 4.

While the topic is on our todo list it is not among the list of  
critical issues at the moment. If it is a really urgent issue for you  
it might make sense to fund the necessary development in that area  
(http://www.horde.org/services).

Cheers,

Gunnar

>
> Sincerly,
> Klaus
>
>
> --
> Rechnerbetriebsgruppe / IT, Fakultät für Physik
> Klaus Steinberger
> FAX: +49 89 28914280
> Tel: +49 89 28914287

-- 
Core Developer
The Horde Project

e: wrobel at horde.org
t: +49 700 6245 0000
w: http://www.horde.org

pgp: 9703 43BE
tweets: http://twitter.com/pardus_de
blog: http://log.pardus.de




More information about the horde mailing list