6.0.0-beta1
7/6/25

[#10882] LDAP groups are not cached and there is no way to restrict the search base
Summary LDAP groups are not cached and there is no way to restrict the search base
Queue Kronolith
Queue Version Git master
Type Enhancement
State Resolved
Priority 1. Low
Owners
Requester Klaus.Steinberger (at) physik (dot) uni-muenchen (dot) de
Created 12/23/2011 (4944 days ago)
Due
Updated 06/13/2014 (4041 days ago)
Assigned 01/03/2012 (4933 days ago)
Resolved 06/13/2014 (4041 days ago)
Milestone
Patch No

History
06/13/2014 11:10:02 AM Jan Schneider Comment #6
State ⇒ Resolved
01/03/2012 09:41:19 AM Jan Schneider Taken from Jan Schneider
Version ⇒ Git master
 
01/03/2012 09:41:01 AM Jan Schneider Comment #5
Priority ⇒ 1. Low
State ⇒ Accepted
Type ⇒ Enhancement
The remaining issues are requests.
01/03/2012 09:40:14 AM Git Commit Comment #4
Changes have been made in Git for this ticket:

Disable group caching flag (Bug #10882).

  1 files changed, 3 insertions(+), 3 deletions(-)
http://git.horde.org/horde-git/-/commit/bdcaaec38dc313dd380a09416b6511c7775861bb
01/03/2012 09:26:42 AM Gunnar Wrobel Comment #3
Original analysis probably correct as we do not have group caching back yet.

A first step might be to comment out the group caching setting in 
conf.xml as it is irritating to users if this is available but not 
implemented.

Second step would be to get the group caching from Horde 3 back in (do 
we have a reminder issue for that already? didn't find one).

Third step: Parameter to restrict the search base.
01/03/2012 09:24:12 AM Gunnar Wrobel Comment #2
State ⇒ Assigned
Summary ⇒ LDAP groups are not cached and there is no way to restrict the search base
Assigned to Jan Schneider
Priority ⇒ 1. Low
Assigning to Jan.
12/23/2011 09:12:01 AM Klaus (dot) Steinberger (at) physik (dot) uni-muenchen (dot) de Comment #1
Priority ⇒ 3. High
Type ⇒ Bug
Summary ⇒ Performance Problem with calender Shares
Queue ⇒ Kronolith
Milestone ⇒
Patch ⇒ No
State ⇒ Unconfirmed
Hi,

we discovered a massive performance problem with LDAP groups.

The main problem seems to be related to the "attrisdn" parameter in the 
Horde LDAP groups settings. We need this setting as in Novell 
eDirectory the group membership is a full DN in the "member" attribute 
in the group.
It looks like Horde scans for the group membership for every entry in 
a calendar which is shared by group.
A calendar share with a reasonable number of entries takes minutes to 
show up. A calendar shared by user does not show this problem.

The group caching in Horde is switched on!

Second problem: the search for the user DN uses the search base given 
by the group driver parameters. So we have to use the full tree as 
search base inside the group drivers. But as we have groups for many 
other purposes besides the relevant part of the directory for Horde, 
this deteriorates the problem massively as many unnecessary groups 
are found.

So a first help would be to use the parameters from the LDAP 
configuration pane to search for the User DN instead of the 
parameters from the Group Pane.

Attached is a wireshark dump.
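
An added example, not Horde code and not part of the ticket: a Python model of the lookup pattern reported above, with one group-membership check per calendar entry against groups whose "member" attribute holds the full user DN. The in-memory directory, every DN, the class and function names and the TTL cache are assumptions made for illustration; DN matching is plain string comparison.

```python
import time

# Constructed sample directory: every DN and name here is invented for this example.
USER = "cn=klaus,ou=people,o=example"
CAL = "cn=cal-team,ou=horde,ou=groups,o=example"
ENTRIES = {
    USER: {"uid": "klaus"},
    CAL: {"member": [USER]},
    "cn=printers,ou=misc,ou=groups,o=example": {"member": [USER]},
}

class Directory:  # stand-in for an LDAP server; counts subtree searches
    def __init__(self, entries):
        self.entries, self.searches = entries, 0

    def search(self, base, match):
        self.searches += 1
        return [dn for dn, e in self.entries.items()
                if (dn == base or dn.endswith("," + base)) and match(e)]

class GroupResolver:
    def __init__(self, directory, user_base, group_base, ttl=0):
        self.d, self.user_base, self.group_base = directory, user_base, group_base
        self.ttl, self._cache = ttl, {}  # ttl=0 disables caching

    def groups_for(self, uid, now=None):
        now = time.monotonic() if now is None else now
        hit = self._cache.get(uid)
        if hit and now < hit[0]:
            return hit[1]
        # Search 1: resolve the user DN under the user base, not the group base.
        users = self.d.search(self.user_base, lambda e: e.get("uid") == uid)
        groups = frozenset()  # unknown or ambiguous uid: member of nothing
        if len(users) == 1:
            # Search 2: groups whose "member" attribute holds the full user DN.
            groups = frozenset(self.d.search(
                self.group_base, lambda e: users[0] in e.get("member", ())))
        if self.ttl > 0:
            self._cache[uid] = (now + self.ttl, groups)
        return groups

def visible_events(resolver, uid, events):
    """One membership check per calendar entry, as in the report."""
    return [name for name, group in events if group in resolver.groups_for(uid)]

def run(group_base, ttl, n=200):
    d = Directory(ENTRIES)
    r = GroupResolver(d, "ou=people,o=example", group_base, ttl)
    events = [(f"event-{i}", CAL) for i in range(n)]
    return len(visible_events(r, "klaus", events)), d.searches, len(r.groups_for("klaus"))
```

`run()` returns the number of events shown, the directory searches issued while rendering, and the number of groups the group base yields for the user. With a cache, a member removed from a group keeps access to group-shared calendars until the TTL lapses, so the TTL bounds that window.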
