[dokuwiki] AUTH:AD very slow

• From: "Lindgren Daniel" <daniel.lindgren@xxxxxxxxxxxxx>
• To: <dokuwiki@xxxxxxxxxxxxx>
• Date: Mon, 7 Feb 2011 10:27:16 +0100

Hello.

We're in the process of upgrading from DW 2009-02-14 to 2010-11-07a.
We've used Kerberos authentication with SSO (with auth backend called
kerbsso) for a couple of years in our DokuWiki.

After upgrading a test wiki to 2010-11-07a and changing from
AUTH:KERBSSO to AUTH:AD the authentication performance dropped
significantly.

Here's an example of loading the first page in the wiki with auth:ad
(apologies for the long and probably mangled lines):

192.168.0.1 - - [07/Feb/2011:09:50:34 +0100] "GET / HTTP/1.1" 401 474
"http://wikitest/"; "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)"
192.168.0.1 - - [07/Feb/2011:09:50:35 +0100] "GET
/lib/plugins/indexmenu/indexmenu.js HTTP/1.1" 401 474 "http://wikitest/";
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET
CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)"
192.168.0.1 - user@xxxxxxxxxx [07/Feb/2011:09:50:35 +0100] "GET
/lib/plugins/indexmenu/indexmenu.js HTTP/1.1" 304 - "http://wikitest/";
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET
CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)"
192.168.0.1 - user@xxxxxxxxxx [07/Feb/2011:09:50:35 +0100] "GET
/lib/plugins/indexmenu/jsmenu/usrmenu.js HTTP/1.1" 304 -
"http://wikitest/"; "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)"
192.168.0.1 - user@xxxxxxxxxx [07/Feb/2011:09:50:35 +0100] "GET
/lib/tpl/default/images/buttonshadow.png HTTP/1.1" 304 -
"http://wikitest/"; "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)"
192.168.0.1 - user@xxxxxxxxxx [07/Feb/2011:09:50:35 +0100] "GET
/lib/tpl/default/images/inputshadow.png HTTP/1.1" 304 -
"http://wikitest/"; "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)"
192.168.0.1 - - [07/Feb/2011:09:50:34 +0100] "GET / HTTP/1.1" 200 10534
"http://wikitest/"; "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)"
192.168.0.1 - user@xxxxxxxxxx [07/Feb/2011:09:50:47 +0100] "GET
/lib/tpl/default/images/button-rss.png HTTP/1.1" 304 -
"http://wikitest/"; "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)"
192.168.0.1 - user@xxxxxxxxxx [07/Feb/2011:09:50:47 +0100] "GET
/lib/tpl/default/images/button-donate.gif HTTP/1.1" 304 -
"http://wikitest/"; "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)"

Notice the ~12 second delay before button-rss.png is loaded.

This is the same pageload with kerbsso:

192.168.0.1 - user@xxxxxxxxxx [07/Feb/2011:09:59:17 +0100] "GET
/lib/plugins/indexmenu/indexmenu.js HTTP/1.1" 304 - "http://wikitest/";
"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET
CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR
3.5.30729)"
192.168.0.1 - - [07/Feb/2011:09:59:17 +0100] "GET / HTTP/1.1" 200 10292
"http://wikitest/"; "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)"
192.168.0.1 - - [07/Feb/2011:09:59:17 +0100] "GET
/lib/plugins/indexmenu/jsmenu/usrmenu.js HTTP/1.1" 401 474
"http://wikitest/"; "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)"
192.168.0.1 - user@xxxxxxxxxx [07/Feb/2011:09:59:17 +0100] "GET
/lib/plugins/indexmenu/jsmenu/usrmenu.js HTTP/1.1" 304 -
"http://wikitest/"; "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)"
192.168.0.1 - user@xxxxxxxxxx [07/Feb/2011:09:59:17 +0100] "GET
/lib/tpl/default/images/buttonshadow.png HTTP/1.1" 304 -
"http://wikitest/"; "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)"
192.168.0.1 - user@xxxxxxxxxx [07/Feb/2011:09:59:17 +0100] "GET
/lib/tpl/default/images/inputshadow.png HTTP/1.1" 304 -
"http://wikitest/"; "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)"
192.168.0.1 - - [07/Feb/2011:09:59:17 +0100] "GET
/lib/tpl/default/images/button-rss.png HTTP/1.1" 401 474
"http://wikitest/"; "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)"
192.168.0.1 - user@xxxxxxxxxx [07/Feb/2011:09:59:17 +0100] "GET
/lib/tpl/default/images/button-php.gif HTTP/1.1" 304 -
"http://wikitest/"; "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)"
192.168.0.1 - user@xxxxxxxxxx [07/Feb/2011:09:59:17 +0100] "GET
/lib/tpl/default/images/button-donate.gif HTTP/1.1" 304 -
"http://wikitest/"; "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)"

No delay at all before button-rss.png is loaded.

This is local.protected.php with AUTH:AD activated (some data changed
for security reasons):

$conf['useacl']      = 1;
$conf['authtype']    = 'ad';
$conf['autopasswd']  = 0;
// AUTH:AD
$conf['auth']['ad']['account_suffix']     = '@domain.com';
$conf['auth']['ad']['base_dn']            = 'DC=domain,DC=com';
$conf['auth']['ad']['domain_controllers'] =
'server07.domain.com,server08.domain.com,server09.domain.com,server10.do
main.com';
$conf['auth']['ad']['ad_username']        = 'ldapuser';
$conf['auth']['ad']['ad_password']        = '<removed>';
$conf['auth']['ad']['sso']                = 1;
$conf['auth']['ad']['real_primarygroup']  = 0;
$conf['auth']['ad']['debug']              = 1;
$conf['auth']['ad']['recursive_groups']   = 1;
$conf['superuser'] = '@Domain_Admins';

I've tried using Firefox, no difference. Tried reverting to adLDAP 2.1
(the same version as kerbsso), no difference.

I'm testing on CentOS 5.5 with PHP 5.1.6 and Apache 2.2.3. SSO works,
but pages load much slower than with kerbsso.

Any ideas? 

Cheers,
Daniel

Other related posts:

• » [dokuwiki] AUTH:AD very slow - Lindgren Daniel
• » [dokuwiki] AUTH:AD very slow- Lindgren Daniel
• » [dokuwiki] Re: AUTH:AD very slow- Matthias Schulte

1. Home
2. dokuwiki
3. Archive
4. 02-2011

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---