Following the changes in to support multiple LDAP servers, I've found that when Openfire is configured to use 2 LDAP servers and the first is unreachable (in this case, because I was testing it and switched that box off in AWS), performance is drastically affected:
- Auth to Admin running locally takes around 5s
- The first load of the Users & Groups page takes around 8 minutes (subsequent loads take around 10s)
- Users cannot authenticate via Spark
Guus suggested I reduce the LDAP timeout from the default of 10s. Setting it to 1.5s led to much more favourable (although still slow) results:
- 75s to load Users & Groups (4s for subsequent loads)
- User can authenticate via Spark
The user population in these tests was around 15 LDAP users.
Windows Openfire server, Active Directory
I've done some more testing at different values of ldap.connectionTimeout.
Conditions:
- ldap.hosts is a comma-separated list of 2 servers, the first of which is switched off
- User population in the ldap.baseDN is 15 users from tricky-ad-users, plus 2 more AD users and 1 AD SG (with those 2 users as members)
- Spark runs locally on my machine, the Openfire server is in AWS Ireland, and I'm using residential broadband - "representative" enough for the Openfire general community?
At 10000ms (the default)
- Admin Login took 28s, 10s for subsequent logins
- Users/Groups took 8.8 mins first load, 40s subsequent load
- Spark fails to login
At 5000ms
- Admin Login took 10s, 5s for subsequent logins
- Users/Groups took 4.3 mins first load, 10s subsequent load
- Spark fails to login
At 3000ms
- Admin Login took 6.3s, 3s for subsequent logins
- Users/Groups took 2.7 mins first load, 6s subsequent load
- Spark successfully logs in
At 4000ms
- Admin Login took 8.2s, 4s for subsequent logins
- Users/Groups took 3.3 mins first load, 8s subsequent load
- Spark successfully logs in
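
The following is an added example, not part of the original report and not Openfire code. It divides the measured delays by ldap.connectionTimeout, then models ordered failover with and without a cache of recently failed hosts. It assumes every new LDAP connection tries the dead first host and waits the full timeout; `FailoverConnector`, `cooldown_s`, the host names `ldap1`/`ldap2` and the figure of 53 connections are hypothetical.

```python
# Added example: a model of ordered LDAP failover, not Openfire code.
# The figures below are copied from the measurements reported in the post.
FIRST_LOAD_S = {10000: 8.8 * 60, 5000: 4.3 * 60, 4000: 3.3 * 60, 3000: 2.7 * 60}
ADMIN_RELOGIN_S = {10000: 10, 5000: 5, 4000: 4, 3000: 3}


def implied_attempts(seconds_by_timeout):
    """Observed delay divided by ldap.connectionTimeout, per setting."""
    return {ms: round(s / (ms / 1000), 1) for ms, s in seconds_by_timeout.items()}


class FailoverConnector:
    """Tries hosts in order; a dead host costs one full connect timeout.

    cooldown_s > 0 enables a hypothetical cache of recently failed hosts.
    """

    def __init__(self, hosts, dead, timeout_ms, cooldown_s=0.0):
        self.hosts, self.dead = hosts, set(dead)
        self.timeout_s = timeout_ms / 1000
        self.cooldown_s = cooldown_s
        self.skip_until = {}   # host -> simulated time at which it may be retried
        self.clock = 0.0       # simulated seconds lost to timeouts so far

    def connect(self):
        for host in self.hosts:
            if self.skip_until.get(host, 0.0) > self.clock:
                continue                      # failed recently: skip it
            if host in self.dead:
                self.clock += self.timeout_s  # block for the whole timeout
                if self.cooldown_s:
                    self.skip_until[host] = self.clock + self.cooldown_s
                continue
            return host
        raise ConnectionError("no LDAP host reachable")


def page_load_cost(connections, timeout_ms, cooldown_s=0.0):
    """Seconds lost to the dead first host over N sequential connections."""
    c = FailoverConnector(["ldap1", "ldap2"], ["ldap1"], timeout_ms, cooldown_s)
    for _ in range(connections):
        assert c.connect() == "ldap2"
    return c.clock


if __name__ == "__main__":
    print(implied_attempts(FIRST_LOAD_S))     # timeouts paid per first page load
    print(implied_attempts(ADMIN_RELOGIN_S))  # timeouts paid per repeat admin login
    print(page_load_cost(53, 10000), page_load_cost(53, 10000, cooldown_s=60))
```

Under this model the first Users/Groups load corresponds to roughly 50 full timeouts at every setting, which is why lowering ldap.connectionTimeout shortens the delay proportionally without removing it.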