I am experiencing performance issues on a Sitecore Intranet Portal installation that relate to the GetUser method of the domain (Extranet). The extranet domain contains roughly about 800 users and calling Sitecore.Context.Domain.GetUser(userName) takes about 12 seconds at very least. Using a direct login model to authenticate the user against the Active Directory (LDAP) takes almost 60 seconds just to get the user logged in.
Any tips on performance tuning users in Sitecore 5.3? Is there a point when the number of users become to many for Sitecore to be efficient?
I know LDAP can be very slow, if you don't assign what kind of connection it should use (ssl, signing etc). Then it'll try to negotiate with the AD which kind of connection it should use and that can be very slow.
We had an issue with a customer that had this problem and the login went from 20+ seconds to about 1 second.
So if you're using your own LDAP module or similiar that could be the case.
If you are using Sitecore LDAP module, I dunno if you can set it up.
Since I didn't create that fix and am not very proficient in AD I'm not suer what to do, but maybe the following code can help you:
var connection = new LdapConnection(d);
connection.SessionOptions.SecureSocketLayer = false;
NetworkCredential nw = new NetworkCredential(username, password);
connection.AuthType = AuthType.Negotiate;
connection.SessionOptions.Signing = true;
connection.SessionOptions.Sealing = true;
connection.Bind(nw)
I hope that helps.
This looks old to answer. but AD Ldap module is using the same binding you mentioned here.
Related
ISSUE: Grails ADMIN logs in via LDAP but no other account does.
System = Win 7, grails 2.2.1, Active Dir lightweight
I have created a simple grails default application, installed the latest grails spring security and ldap plugins. I then followed the following tutorial to configure the spring security setup. Tutorial located at http://blog.springsource.com/2010/08/11/simplified-spring-security-with-grails/
Anyway got spring security working fairly fast, next step was setting up LDAP to use the anonymousAuthenticationProvider so my grails app would log in without checking its own DB for passwords, only LDAP. I am using windows Active Directory. Anyway, followed this configuration setup http://grails-plugins.github.io/grails-spring-security-ldap/docs/manual/guide/2.%20Usage.html . All seems to start fine, except the only user that seems to log in correctly is admin, no other user works. I get a can not find user with that username / password error. I have added error, warn and info log output for spring security but does not seem to give much info at all except for the admin account which actually works. I verified it works as I gave the spring security db password a different password to the ldap password, and once the ldap was configured the only password that worked for the admin was the ldap one. Unfortunately no other users worked though.
Here is my grails config:
// Added by the Spring Security Core plugin:
grails.plugins.springsecurity.userLookup.userDomainClassName = 'org.example.SecUser'
grails.plugins.springsecurity.userLookup.authorityJoinClassName = 'org.example.SecUserSecRole'
grails.plugins.springsecurity.authority.className = 'org.example.SecRole'
grails.plugins.springsecurity.ldap.context.managerDn = 'CN=admin,OU=people,OU=imApp,DC=example,DC=org'
grails.plugins.springsecurity.ldap.context.managerPassword = 'password'
grails.plugins.springsecurity.ldap.context.server = 'ldap://localhost:55000/'
grails.plugins.springsecurity.ldap.authorities.ignorePartialResultException = true
grails.plugins.springsecurity.ldap.search.base = 'OU=people,OU=imApp,DC=example,DC=org'
grails.plugins.springsecurity.ldap.search.filter='uid={0}' //ad use sAMAccountName instead of uid
grails.plugins.springsecurity.ldap.search.searchSubtree =true
grails.plugins.springsecurity.ldap.auth.hideUserNotFoundExceptions= false
grails.plugins.springsecurity.ldap.search.derefLink = true
// specify this when you want to skip attempting to load from db and only use LDAP
grails.plugins.springsecurity.providerNames = ['ldapAuthProvider', 'anonymousAuthenticationProvider']
grails.plugins.springsecurity.conf.ldap.authorities.retrieveGroupRoles = false
grails.plugins.springsecurity.conf.ldap.authorities.retrieveDatabaseRoles = false
//grails.plugins.springsecurity.ldap.authorities.groupSearchBase = 'ou=groups,ou=imApp,dc=mcommunity,dc=org'
//role specific ldap config
grails.plugins.springsecurity.ldap.useRememberMe = false
I have tried a few variations of this config, for example it says Active Dir requires sAMAccountName as the search.filter but when I use this no accounts work, if i comment it out completely it works as already memntioned, admin logs in but no other account does. If I remove the springsecurity.providerNames the app starts but uses DB as password auth provider. I came across some blogs mentioned removing password for model class and db, or making it null-able which I tried but had no effect on outcome.
My Active Dir structure is as follows:
DC=example,dc=org
OU=imApp
OU=groups
OU=people
CN=admin user CN=admin,OU=people,OU=imApp,DC=example,DC=org
CN=user1 user CN=user1,OU=people,OU=imApp,DC=example,DC=org
CN=LostAndFound
CN= NTDS Quotas
CN=Roles
I have given each account a LDAP password, and added a parameter uid matching that of their username (CN). I have not used a Custom UserDetailsContextMapper, just default. However, I did try a Custom UserDetailsContextMapper and just came across the same issue, so reverted back to using just standard. Also I noticed Active Dir has a lower case dc for org so I tried using same lower case dc in Grails config but has same result.
Has anyone come across this issue or know where I may be going worng? Any help appreciated.
Best,
Marklw16
Try these settings:
grails.plugins.springsecurity.ldap.authorities.groupSearchBase ='DC=example,dc=org'
grails.plugins.springsecurity.ldap.authorities.groupSearchFilter = 'member={0}'
Because of european privacy law being harsly applied in the Netherlands and to keep my company's site user friendly without nagging the users with questions if it's okay to store a cookie on their computer that allows me to access their client data.
What I need is a way to "overwrite" the native php sessions class so that at the point where the native class requests the cookie that stores the phpsessid, that I can place my own code there that checks the browsers fingerprint and matches that to a session id which I can use to return the normal working of the native class.
My idea is:
table sess_fingerprints
Fields: fingerprint - phpsessid
function getsessionid()
{
$result = $this->db->query("SELECT phpsessid
FROM `sessiondatabase`.`sess_fingerprints`
WHERE `sess_fingerprints`.`fingerprint` = '$userfingerprint'");
if($result->num_rows() != 0)
{
return $result->row->phpsessid;
}
}
and at that point the native php session code just works as it would normally do.
So, my question is: is it possible to overwrite only the "cookie" part of the phpsession class? if so, how? because I haven't found that yet.
I'm aware of being able to pass along the session variable via urls etc, but that's not secure enough for my web applications.
PHP provides support for custom session handlers:
http://php.net/manual/en/session.customhandler.php
I think I have found the solution to my problem.
I'm going to override the functions related to cookies by using http://php.net/manual/en/function.override-function.php
Thank you all for thinking along.
I am working on a MVC 3 intranet application ( windows authentication ). The application must display the profile page of the user once a user logs in. In order to do that the username of the logged in user must be passed in as a route parameter in the following route in Global.asax.cs.
routes.MapRoute(
"Initial",
"{controller}/{action}/{emailAlias}", // URL with parameters
new { controller = "Home", action = "Home", userId = **<USERNAME>**}
);
Here, for the I've used some alternatives.
At first I used Environment.Username. Which works well in development. But not after publishing. Because then Environment.Username yields the name of the applications pool which the app runs in. As described here.
Controller.User.Identity.Name is used to get the desired username in controllers, works well in pre and post publishing. But it cannot be used in the context of Global.asax.cs.
System.Web.HttpContext.Current.User.Identity.Name yields null reference.
System.Security.Principal.WindowsIdentity.GetCurrent().Name works kind of same as Environment.Username
I'm sure it's easy to figure out that I'm a noob by now. Maybe I've missed something obvious. If so please point that out or please tell me of a simple solution thanks in advance.
The global.asax code is supposed to be run at application startup (and shutdown) and you don't have any session or a user at that time (hence the name global). Why do you need the username in the route? You should just use User.Identity.Name in the controllers' code to identify the user instead of relying in getting it as a parameter.
My host requires me to use a different domain for SSL secured access (shared SSL), so I need to transition the user session between two domains. One part of the page lives at http://example.com, while the SSL'd part is at https://example.hosting.com. As such I can't set a domain-spanning cookie.
What I'm trying to do is to transition the session id over and re-set the cookie like this:
http://example.com/normal/page, user clicks link to secure area and goes to:
http://example.com/secure/page, which causes a redirect to:
https://example.hosting.com/secure/page?sess=ikub..., which resurrects the session and sets a new cookie valid for the domain, then redirects to:
https://example.hosting.com/secure/page
This works up to the point where the session should be resurrected. I'm doing:
function beforeFilter() {
...
$this->Session->id($_GET['sess']);
$this->Session->activate();
...
}
As far as I can tell this should start the session with the given ID. It actually generates a new session ID though and this session is empty, the data is not restored.
This is on CakePHP 1.2.4. Do I need to do something else, or is there a better way to do what I'm trying to do?
When Configure::write('Security.level') is set to medium or higher, session.referer_check is implicitly activated, which makes the whole thing fail. Setting the security level to low (or using a custom session configuration) makes everything work as it should.
There went about 5 hours of debugging... ( -_-;;)
My first thought is to use the Cake file sessions and copy the file over, and then perhaps try and start a new session with that phpsessid, although I'm not even sure if that would actually work or not :)
With Cake 2.6.1 -- This is what worked for me.
$this->Session->id("tfvjv43hjmsnjkh0v3ss539uq7"); // add session id you want to set
$this->Session->id();
$this->Session->read("key"); // hhoorray worked :)
with SessionComponent id() function needs to be called twice once with session id to set session_id(); and second time to start cake session.
First call does not really start the session ... I dont know how Cake Guys missed it .....
Upvote if this works for you.
I just moved my current office Joomla 1.5.8 instalation from the server(linux) to my local machines (winxp) so I can work locally and only upload the changes.
The thing is after downloading all the files and installing a backup of the remote DB on my local machine I found myself unable to login to the administrator panel, I can see the frontpage but not login :/
So far, I have googled alot this problem, but most people seem to be experiencing this problem while upgrading from joomla 1.0
To make sure the problem was not on permissions for the files,I did a separate brand new joomla instalation on another folder and it worked just fine, I could access the website and I also could login to admin page, then I changed the config file to connect to the joomla I'm trying to move and now I find myself again unable to login :/
I think the problem is on the DB however I already tried searching for specific paths but no luck
Does anyone has another Idea?
thanks in advance :)
Try to change following variable in your local configuration file with you local values.
var $offline = '0';
var $log_path = 'Your local joomla path\logs';
var $tmp_path = 'Your local joomla path\tmp';
var $live_site = 'local url will be here';
var $dbtype = 'mysql';
var $host = 'local db host';
var $user = 'DB user for local';
var $db = 'Db name for local';
var $dbprefix = 'DB prefix whatever you have set, by default jos_';
var $password = 'your DB password for local';
You probably have LDAP or openid authentication enabled and thats what is causing this blank page while you try to login.
Just go to your database and go to your:
jos_plugins
And edit the plugins which are either openid or LDAP
set their published status from 1 to '0'
Case solved.
Does your site use any kind of extra authentication? Mine used the LDAP Authentication plugin. MY local machine couldn't connect to the LDAP server. After turning LDAP authentication off (only use Joomla authentication) it worked.
edit the jos_plugins table in mysql to set published from 1 to 0 for any extra authentication plugins you are using.
I have discussed this issue in details here: http://www.itoctopus.com/blank-page-on-joomla-login
In most cases we have seen, Joomla is trying to load a file that no longer exists.