Authentification with LDAP very slow

<%- if @topic_view.topic.tags.present? %>
<%= t 'js.tagging.tags' %>: <%- @topic_view.topic.tags.each do |t| %> <%= t %> <%- end %>
<% end %>

hello all
i had install librenms and when i used mysql authentification it was very fast to access to librenms but i used the ldap authentification and now is very very very slow to access to librenms
and And there is a lot of query between ldap serveur and librenms serveur
can you help me please
thank you

It’s expected to have a lot of calls to the LDAP server. It needs to query it to validate permissions and group membership. If your logins are slow then either the LDAP server is slow to respond or you have high latency between the LibreNMS server and the LDAP server.

Very very very slow is probably too slow :stuck_out_tongue:

Post here your LDAP configuration if you want to be sure (removing the confidential information).

hi @FTBZ no the ldap serveur is not slow because i use it with another application and is very fast

// Authentication Model
$config[‘auth_mechanism’] = ‘ldap’;
$config[‘allow_unauth_graphs’] = 1;
$config[‘auth_ldap_server’] = ‘ldap://ldapserveur.fr’;
$config[‘auth_ldap_port’] = 389;
$config[‘auth_ldap_starttls’] = FALSE;
$config[‘auth_ldap_prefix’] = ‘uid=’;
$config[‘auth_ldap_suffix’] = ‘,ou=Users,ou=People,dc=prd,dc=mutu,dc=fr’;
$config[‘auth_ldap_group’] = ‘cn=SECDOM0000046,ou=SECDOM,ou=HostAccess,ou=Groups,dc=prd,dc=mutu,dc=fr’;
$config[‘auth_ldap_groupbase’] = ‘ou=Groups,dc=prd,dc=met,dc=fr’;
$config[‘auth_ldap_groupmembertype’] = “fulldn”; // Available membertypes: ‘nodn’ (default, uses $username);
$config[‘auth_ldap_groupmemberattr’] = “uniqueMember”; // Use your unique attribute for username, example “uniqueMember”.
$config[‘auth_ldap_version’] = 3;
$config[‘auth_ldap_groups’][’’][‘level’] = 5;

The reason for this is that function getUserlist in LibreNMS/Authentication/LdapAuthorizer.php extract list of user of groups in $config[‘auth_ldap_groups’] by using menberof filter.

If menberof filter is not supported by ldap server, the function fallbacks to a process where all the user of ldap is parsed to know whether they are member of $config[‘auth_ldap_groups’]. Search for “// probably doesn’t support memberOf, go through all users, this could be slow in the code”

LDAP authentication needs to be rewritten

Fix works for me. @yac_w, please test it

Hello,

I have tested my fix successfully but I need somebody else to test the fix.

In order to test the code, assuming app is in /opt/librenms :
cp -p /opt/librenms/LibreNMS/Authentication/LdapAuthorizer.php /opt/librenms/LibreNMS/Authentication/LdapAuthorizer.php.old
wget https://raw.githubusercontent.com/louis-oui/librenms/ldap/LibreNMS/Authentication/LdapAuthorizer.php -O /opt/librenms/LibreNMS/Authentication/LdapAuthorizer.php

To revert change :
cp -p /opt/librenms/LibreNMS/Authentication/LdapAuthorizer.php.old /opt/librenms/LibreNMS/Authentication/LdapAuthorizer.php

There are scripts to test PRs: ./scripts/github-apply 10760 and to rollback to original code ./scripts/github-remove -d