ActiveDirectory (LDAP) authentication very slow
Hi,
I'm running observium from the latest TurnKeyLinux distribution and I'm having some trouble getting the AD to work correctly. I have copied the configuration from this page: http://www.observium.org/wiki/Authentication_modules#Active_Directory And made modifications to match our environment (Changing the DN's, suffix, prefix, groups and changed the STARTTLS to FALSE). Our AD is based on Windows 2008R2 To get it working I installed the php5-ldap on the TurnKey distribution using the apt-get install command (and did nothing else than reboot). The normal mysql will let me login as intended (speedy and no delay) - but when switching to LDAP I initially couldn't login "Authentication Failed" until I removed the following line from the configuration file: $config['auth_ldap_group'] = array("CN=Observium Users,OU=Groups,DC=ad,DC=example,DC=com"); (I had of course modified it to math our configuration)
When removing the line I am able to login - but the login (and the following page loads) takes around 63 seconds.
My questions is:
* Why is the page load taking 60+ seconds when using LDAP OR how do I troubleshoot it (seems like a timeout situation)
* Why do I need to remove the "auth_ldap_group" line to get it to work? (not really important but nice to know)
Hope there is someone out that can help or point me in the right direction...
Best regards
Theis Andersen Samsig Senior Solution Architect
It seems that nobody has had this issue, so let me rephrase the question:
Does anyone have observium working with LDAP authentication (AD in particular)?
Best regards, Theis
From: Theis <tas@comit.dkmailto:tas@comit.dk> Date: tirsdag den 30. september 2014 22.42 To: "observium@observium.orgmailto:observium@observium.org" <observium@observium.orgmailto:observium@observium.org> Subject: ActiveDirectory (LDAP) authentication very slow
Hi,
I’m running observium from the latest TurnKeyLinux distribution and I’m having some trouble getting the AD to work correctly. I have copied the configuration from this page: http://www.observium.org/wiki/Authentication_modules#Active_Directory And made modifications to match our environment (Changing the DN’s, suffix, prefix, groups and changed the STARTTLS to FALSE). Our AD is based on Windows 2008R2 To get it working I installed the php5-ldap on the TurnKey distribution using the apt-get install command (and did nothing else than reboot). The normal mysql will let me login as intended (speedy and no delay) – but when switching to LDAP I initially couldn’t login “Authentication Failed” until I removed the following line from the configuration file: $config['auth_ldap_group'] = array("CN=Observium Users,OU=Groups,DC=ad,DC=example,DC=com"); (I had of course modified it to math our configuration)
When removing the line I am able to login – but the login (and the following page loads) takes around 63 seconds.
My questions is:
· Why is the page load taking 60+ seconds when using LDAP OR how do I troubleshoot it (seems like a timeout situation)
· Why do I need to remove the “auth_ldap_group” line to get it to work? (not really important but nice to know)
Hope there is someone out that can help or point me in the right direction…
Best regards
Theis Andersen Samsig Senior Solution Architect
Turnkey is pretty old, I think.
Most people here will be running the subscription version, which has quite a few fixes since the version in Turnkey.
adam.
------ Original Message ------ From: "Theis Andersen Samsig" tas@comit.dk To: "observium@observium.org" observium@observium.org Sent: 09/10/2014 17:13:53 Subject: Re: [Observium] ActiveDirectory (LDAP) authentication very slow
It seems that nobody has had this issue, so let me rephrase the question:
Does anyone have observium working with LDAP authentication (AD in particular)?
Best regards, Theis
From: Theis <tas@comit.dkmailto:tas@comit.dk> Date: tirsdag den 30. september 2014 22.42 To: "observium@observium.orgmailto:observium@observium.org" <observium@observium.orgmailto:observium@observium.org> Subject: ActiveDirectory (LDAP) authentication very slow
Hi,
I’m running observium from the latest TurnKeyLinux distribution and I’m having some trouble getting the AD to work correctly. I have copied the configuration from this page: http://www.observium.org/wiki/Authentication_modules#Active_Directory And made modifications to match our environment (Changing the DN’s, suffix, prefix, groups and changed the STARTTLS to FALSE). Our AD is based on Windows 2008R2 To get it working I installed the php5-ldap on the TurnKey distribution using the apt-get install command (and did nothing else than reboot). The normal mysql will let me login as intended (speedy and no delay) – but when switching to LDAP I initially couldn’t login “Authentication Failed” until I removed the following line from the configuration file: $config['auth_ldap_group'] = array("CN=Observium Users,OU=Groups,DC=ad,DC=example,DC=com"); (I had of course modified it to math our configuration)
When removing the line I am able to login – but the login (and the following page loads) takes around 63 seconds.
My questions is:
· Why is the page load taking 60+ seconds when using LDAP OR how do I troubleshoot it (seems like a timeout situation)
· Why do I need to remove the “auth_ldap_group” line to get it to work? (not really important but nice to know)
Hope there is someone out that can help or point me in the right direction…
Best regards
Theis Andersen Samsig Senior Solution Architect
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
Yes, we use LDAP auth with a Windows AD with no problem, login is instant.
/Markus
2014-10-09 18:13 GMT+02:00 Theis Andersen Samsig tas@comit.dk:
It seems that nobody has had this issue, so let me rephrase the question:
Does anyone have observium working with LDAP authentication (AD in particular)?
Best regards, Theis
From: Theis <tas@comit.dkmailto:tas@comit.dk> Date: tirsdag den 30. september 2014 22.42 To: "observium@observium.orgmailto:observium@observium.org" < observium@observium.orgmailto:observium@observium.org> Subject: ActiveDirectory (LDAP) authentication very slow
Hi,
I’m running observium from the latest TurnKeyLinux distribution and I’m having some trouble getting the AD to work correctly. I have copied the configuration from this page: http://www.observium.org/wiki/Authentication_modules#Active_Directory And made modifications to match our environment (Changing the DN’s, suffix, prefix, groups and changed the STARTTLS to FALSE). Our AD is based on Windows 2008R2 To get it working I installed the php5-ldap on the TurnKey distribution using the apt-get install command (and did nothing else than reboot). The normal mysql will let me login as intended (speedy and no delay) – but when switching to LDAP I initially couldn’t login “Authentication Failed” until I removed the following line from the configuration file: $config['auth_ldap_group'] = array("CN=Observium Users,OU=Groups,DC=ad,DC=example,DC=com"); (I had of course modified it to math our configuration)
When removing the line I am able to login – but the login (and the following page loads) takes around 63 seconds.
My questions is:
· Why is the page load taking 60+ seconds when using LDAP OR how do I troubleshoot it (seems like a timeout situation)
· Why do I need to remove the “auth_ldap_group” line to get it to work? (not really important but nice to know)
Hope there is someone out that can help or point me in the right direction…
Best regards
Theis Andersen Samsig Senior Solution Architect
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
Same here.
But then I wrote the most of the LDAP and all of the AD support. ;>
Tom
On 10/09/2014 06:39 PM, Markus Klock wrote:
Yes, we use LDAP auth with a Windows AD with no problem, login is instant.
/Markus
2014-10-09 18:13 GMT+02:00 Theis Andersen Samsig <tas@comit.dk mailto:tas@comit.dk>:
It seems that nobody has had this issue, so let me rephrase the question: Does anyone have observium working with LDAP authentication (AD in particular)? Best regards, Theis From: Theis <tas@comit.dk <mailto:tas@comit.dk><mailto:tas@comit.dk <mailto:tas@comit.dk>>> Date: tirsdag den 30. september 2014 22.42 To: "observium@observium.org <mailto:observium@observium.org><mailto:observium@observium.org <mailto:observium@observium.org>>" <observium@observium.org <mailto:observium@observium.org><mailto:observium@observium.org <mailto:observium@observium.org>>> Subject: ActiveDirectory (LDAP) authentication very slow Hi, I’m running observium from the latest TurnKeyLinux distribution and I’m having some trouble getting the AD to work correctly. I have copied the configuration from this page: http://www.observium.org/wiki/Authentication_modules#Active_Directory And made modifications to match our environment (Changing the DN’s, suffix, prefix, groups and changed the STARTTLS to FALSE). Our AD is based on Windows 2008R2 To get it working I installed the php5-ldap on the TurnKey distribution using the apt-get install command (and did nothing else than reboot). The normal mysql will let me login as intended (speedy and no delay) – but when switching to LDAP I initially couldn’t login “Authentication Failed” until I removed the following line from the configuration file: $config['auth_ldap_group'] = array("CN=Observium Users,OU=Groups,DC=ad,DC=example,DC=com"); (I had of course modified it to math our configuration) When removing the line I am able to login – but the login (and the following page loads) takes around 63 seconds. My questions is: · Why is the page load taking 60+ seconds when using LDAP OR how do I troubleshoot it (seems like a timeout situation) · Why do I need to remove the “auth_ldap_group” line to get it to work? (not really important but nice to know) Hope there is someone out that can help or point me in the right direction… Best regards Theis Andersen Samsig Senior Solution Architect _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
Thank you for the feedback.
Could it be that the "free" version is buggy and things have been fixed in the commercial edition?
\T
Sent from my iPhone
On 09/10/2014, at 18.40, Tom Laermans <tom.laermans@powersource.cxmailto:tom.laermans@powersource.cx> wrote:
Same here.
But then I wrote the most of the LDAP and all of the AD support. ;>
Tom
On 10/09/2014 06:39 PM, Markus Klock wrote: Yes, we use LDAP auth with a Windows AD with no problem, login is instant.
/Markus
2014-10-09 18:13 GMT+02:00 Theis Andersen Samsig <tas@comit.dkmailto:tas@comit.dk>: It seems that nobody has had this issue, so let me rephrase the question:
Does anyone have observium working with LDAP authentication (AD in particular)?
Best regards, Theis
From: Theis <tas@comit.dkmailto:tas@comit.dk<mailto:tas@comit.dkmailto:tas@comit.dk>> Date: tirsdag den 30. september 2014 22.42 To: "observium@observium.orgmailto:observium@observium.org<mailto:observium@observium.orgmailto:observium@observium.org>" <observium@observium.orgmailto:observium@observium.org<mailto:observium@observium.orgmailto:observium@observium.org>> Subject: ActiveDirectory (LDAP) authentication very slow
Hi,
I’m running observium from the latest TurnKeyLinux distribution and I’m having some trouble getting the AD to work correctly. I have copied the configuration from this page: http://www.observium.org/wiki/Authentication_modules#Active_Directory And made modifications to match our environment (Changing the DN’s, suffix, prefix, groups and changed the STARTTLS to FALSE). Our AD is based on Windows 2008R2 To get it working I installed the php5-ldap on the TurnKey distribution using the apt-get install command (and did nothing else than reboot). The normal mysql will let me login as intended (speedy and no delay) – but when switching to LDAP I initially couldn’t login “Authentication Failed” until I removed the following line from the configuration file: $config['auth_ldap_group'] = array("CN=Observium Users,OU=Groups,DC=ad,DC=example,DC=com"); (I had of course modified it to math our configuration)
When removing the line I am able to login – but the login (and the following page loads) takes around 63 seconds.
My questions is:
· Why is the page load taking 60+ seconds when using LDAP OR how do I troubleshoot it (seems like a timeout situation)
· Why do I need to remove the “auth_ldap_group” line to get it to work? (not really important but nice to know)
Hope there is someone out that can help or point me in the right direction…
Best regards
Theis Andersen Samsig Senior Solution Architect
_______________________________________________ observium mailing list observium@observium.orgmailto:observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
_______________________________________________ observium mailing list observium@observium.orgmailto:observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
_______________________________________________ observium mailing list observium@observium.orgmailto:observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
Yup. I think there have been quite a few LDAP related commits over the past few months.
Getting things fixed quickly is one of the main reasons to use the subscription version! :)
adam.
On 2014-10-09 22:50, Theis Andersen Samsig wrote:
Thank you for the feedback.
Could it be that the "free" version is buggy and things have been fixed in the commercial edition?
\T
Sent from my iPhone
On 09/10/2014, at 18.40, Tom Laermans <tom.laermans@powersource.cxmailto:tom.laermans@powersource.cx> wrote:
Same here.
But then I wrote the most of the LDAP and all of the AD support. ;>
Tom
On 10/09/2014 06:39 PM, Markus Klock wrote: Yes, we use LDAP auth with a Windows AD with no problem, login is instant.
/Markus
2014-10-09 18:13 GMT+02:00 Theis Andersen Samsig <tas@comit.dkmailto:tas@comit.dk>: It seems that nobody has had this issue, so let me rephrase the question:
Does anyone have observium working with LDAP authentication (AD in particular)?
Best regards, Theis
From: Theis <tas@comit.dkmailto:tas@comit.dk<mailto:tas@comit.dkmailto:tas@comit.dk>> Date: tirsdag den 30. september 2014 22.42 To: "observium@observium.orgmailto:observium@observium.org<mailto:observium@observium.orgmailto:observium@observium.org>" <observium@observium.orgmailto:observium@observium.org<mailto:observium@observium.orgmailto:observium@observium.org>> Subject: ActiveDirectory (LDAP) authentication very slow
Hi,
I’m running observium from the latest TurnKeyLinux distribution and I’m having some trouble getting the AD to work correctly. I have copied the configuration from this page: http://www.observium.org/wiki/Authentication_modules#Active_Directory And made modifications to match our environment (Changing the DN’s, suffix, prefix, groups and changed the STARTTLS to FALSE). Our AD is based on Windows 2008R2 To get it working I installed the php5-ldap on the TurnKey distribution using the apt-get install command (and did nothing else than reboot). The normal mysql will let me login as intended (speedy and no delay) – but when switching to LDAP I initially couldn’t login “Authentication Failed” until I removed the following line from the configuration file: $config['auth_ldap_group'] = array("CN=Observium Users,OU=Groups,DC=ad,DC=example,DC=com"); (I had of course modified it to math our configuration)
When removing the line I am able to login – but the login (and the following page loads) takes around 63 seconds.
My questions is:
· Why is the page load taking 60+ seconds when using LDAP OR how do I troubleshoot it (seems like a timeout situation)
· Why do I need to remove the “auth_ldap_group” line to get it to work? (not really important but nice to know)
Hope there is someone out that can help or point me in the right direction…
Best regards
Theis Andersen Samsig Senior Solution Architect
observium mailing list observium@observium.orgmailto:observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.orgmailto:observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.orgmailto:observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium _______________________________________________ observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
"It seems that nobody has had this issue, so let me rephrase the question:
Does anyone have observium working with LDAP authentication (AD in particular)?
Best regards, Theis"
I use ldap with eDirectory, works fine, just to validate the ldap module. I'm using port 389 tho, you may be using ssl, 636.
thanks
Peter Hine Senior Technical Support Engineer (Servers)
From: Theis Andersen Samsig tas@comit.dk To: "observium@observium.org" observium@observium.org Date: 10/10/2014 03:14 Subject: Re: [Observium] ActiveDirectory (LDAP) authentication very slow Sent by: "observium" observium-bounces@observium.org
********************************************************************** The information contained in this e-mail (including any attachments) is for the exclusive use of the addressee. If you are not the intended recipient please notify the sender immediately and delete this e-mail. It is noted that legal privilege is not waived because you have read this e-mail. **********************************************************************
Hi,
Yes, we are using it.
Regards
Adriaan Smuts Systems Administrator - Windows
Direct Line +27 21 464 9565 Reception 0861 555 222 Website www.webafrica.co.za
-----Original Message----- From: observium [mailto:observium-bounces@observium.org] On Behalf Of Peter.Hine@familycourt.gov.au Sent: Wednesday, October 15, 2014 12:12 AM To: Observium Network Observation System Subject: Re: [Observium] ActiveDirectory (LDAP) authentication very slow [SEC=UNCLASSIFIED]
"It seems that nobody has had this issue, so let me rephrase the question:
Does anyone have observium working with LDAP authentication (AD in particular)?
Best regards, Theis"
I use ldap with eDirectory, works fine, just to validate the ldap module. I'm using port 389 tho, you may be using ssl, 636.
thanks
Peter Hine Senior Technical Support Engineer (Servers)
From: Theis Andersen Samsig tas@comit.dk To: "observium@observium.org" observium@observium.org Date: 10/10/2014 03:14 Subject: Re: [Observium] ActiveDirectory (LDAP) authentication very slow Sent by: "observium" observium-bounces@observium.org
********************************************************************** The information contained in this e-mail (including any attachments) is for the exclusive use of the addressee. If you are not the intended recipient please notify the sender immediately and delete this e-mail. It is noted that legal privilege is not waived because you have read this e-mail. **********************************************************************
_______________________________________________ observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
participants (6)
-
Adam Armstrong -
Adriaan Smuts -
Markus Klock -
Peter.Hine@familycourt.gov.au -
Theis Andersen Samsig -
Tom Laermans