Ask Question
« General Questions on Nuxeo

Nuxeo 6.0 and LDAP Caching

Hello,

I'm using LDAP backend for user authentication described here.

I'm facing the following problem : Nuxeo 6.0-HF05 seems to not cache LDAP entries and make a lot of connections to LDAP server with every requests (WebDAV requests are very slow for example because of that). We don't have this beahviour with Nuxeo 5.6 where LDAP connections is limited and WebDAV access faster.

The log show a very lot of :

2015-03-11 14:25:23,222 DEBUG [http-bio-0.0.0.0-8080-exec-23] [org.nuxeo.ecm.directory.ldap.LDAPSession] LDAPSession.getLdapEntry(app_ad_admins, false): LDAP search base='dc=xxxxx,dc=xx' filter='(&(name={0})(&(&(objectClass=group))(name=*)))'  args='app_ad_admins' scope='2' [LDAPSession '602931589231417701' for directory groupLDAPDirectory]
2015-03-11 14:25:23,224 DEBUG [http-bio-0.0.0.0-8080-exec-23] [org.nuxeo.ecm.directory.ldap.LDAPSession] LDAPSession.getLdapEntry(app_ad_admins, false): LDAP search base='dc=xxxxx,dc=xx' filter='(&(name={0})(&(&(objectClass=group))(name=*)))'  args='app_ad_admins' scope='2' => found: CN=app_ad_admins,OU=xx,OU=xxxxxxxxxxx,DC=xxxxx,DC=xx [LDAPSession '602931589231417701' for directory groupLDAPDirectory]  
2015-03-11 14:25:23,224 DEBUG [http-bio-0.0.0.0-8080-exec-23] [org.nuxeo.ecm.directory.ldap.LDAPSession] LDAPSession.getLdapEntry(app_ad_admins, true): LDAP search base='dc=xxxxx,dc=xx' filter='(&(name={0})(&(&(objectClass=group))(name=*)))'  args='app_ad_admins' scope='2' [LDAPSession '602931597821352295' for directory groupLDAPDirectory]

Is there a parameter to force caching other than < cacheTimeout \> ? Thank you.

zyx974
Member (712)   1   4   5 		03/11/2015 ( History)
0 votes
1 answers
2626 views
ANSWER
ANSWERS

Hello, I found the solution.

In the contribution for LDAP users and groups the tags '

  • ldap-user-entry-cache
  • ldap-user-entry-cache-without-references
  • ldap-group-entry-cache
  • ldap-group-entry-cache-without-references

Or you can define your own custom caches with the following contribution:

<cache class="org.nuxeo.ecm.core.cache.InMemoryCacheImpl" name="your-ldap-user-entry-cache">
  <ttl>60</ttl><!-- minutes -->
  <option name="maxSize">100000</option>
  <option name="concurrencyLevel">500</option>
</cache>
<cache class="org.nuxeo.ecm.core.cache.InMemoryCacheImpl" name="your-ldap-user-entry-cache-without-references">
  <ttl>60</ttl><!-- minutes -->
  <option name="maxSize">100000</option>
  <option name="concurrencyLevel">500</option>
</cache>
<cache class="org.nuxeo.ecm.core.cache.InMemoryCacheImpl" name="your-ldap-group-entry-cache">
  <ttl>60</ttl><!-- minutes -->      
  <option name="maxSize">100000</option>
  <option name="concurrencyLevel">500</option>
</cache>
<cache class="org.nuxeo.ecm.core.cache.InMemoryCacheImpl" name="your-ldap-group-entry-cache-without-references">
  <option name="maxSize">100000</option>
  <ttl>60</ttl><!-- minutes -->
  <option name="concurrencyLevel">500</option>
 </cache>

zyx974
Member (712)   1   4   5 		03/17/2015 ( History)
0 votes
mhilaire
Hello, Yes you're right. I would recommend you to ease the migration, to use the builtin wizard in the 6.0 at the first start to generate properly the new configuration files. It will avoid this kind of issue.

Regards.

03/17/2015
Follow
Tags
Linked Questions
Related Questions
Nuxeo 7.10 ldap authentication
Ldap Autentication - Bind succeeded, authentication ok but Login failed for... Nuxeo-dm 5.4.2
Webdav + LDAP
[LDAPGroupDirectory] SubstringMatchType option
[Resolved] - Active Directory Authentification
creating groups fails with gidNumber: value #0 invalid per syntax
Exception fetching LDAP search result
can't list member of the group and groups of a member
Impossible de voir les le groupe d'un utilisateur LDAP