[RTFACT-12365] Improve LDAP Group query speed for LDAP Login Created: 30/Aug/16 Updated: 14/Nov/17 Resolved: 29/Nov/16
|Project:||Artifactory Binary Repository|
|Affects Version/s:||4.11.0, 4.11.2, 4.12.0, 4.13.0, 4.14.0|
|Reporter:||Joshua Han||Assignee:||Yuval Reches|
Artifactory's Static group mapping strategy makes searches using a ldap query similar to below.
When a user has many groups and there is no room to optimize the filters anymore, then the login takes a long time to download ALL attributes of the groups that the search returns.
To enhance this, please make the Artifactory to search only for dn of the group instead of the entire attributes, similar to the query below
ldapsearch -xLLL -H "ldap://10.60.1.88:389" -b "ou=groups,dc=support,dc=sup-docker" "(&(objectClass=groupOfUniqueNames)(|(uniqueMember=uid=kwinters,ou=People,dc=support,dc=sup-docker)(uniqueMember=kwinters)))" dn
|Comment by Yeou-Fang Wang [ 30/Aug/16 ]|
It takes 30+ seconds for each login in our current Artifactory instance and it is getting worse as we add more LDAP groups. Sometimes users encounter timeout at around 60 seconds. This is really frustrating as people cannot log into Artifactory to get needed binaries for their daily work and it is frustrating for us to introduce Artifactory to other users. This could also impact the possibility to acquire other products from JFrog.
In our organization, LDAP group is used to control permissions for many other applications. There are about 5,000 LDAP groups and each person can belong to 30 to 100 LDAP groups. Please consider this a high priority item to fix. Thanks.