Re: [owncloud-user] Lots of LDAP Queries

Thu, 20 Oct 2016 03:41:35 -0700

I just noticed the same thing this morning. The owncloud client application for Windows checks for updates every 30 seconds. For that it does a PROPFIND on /remote.php/webdav/ using HTTP basic authentication.
In the course of that it checks the password with a BIND and then requests several attributes from the user entry. 


If you have a lot of users with the owncloud client running at all times 
that generates a lot of LDAP queries.



As far as I can see there is no caching of the LDAP attributes thus it 
requests them each time.



Due to this this the owncloud server quickly became our main load on 
your ldap servers...


-Gerald


On 20/10/2016 12:14, Jan Martens wrote:

Hi,

we use ownCloud 9.1.1 with the ldap_user APP and have a LDAP server with
about 11,000 user entries. We investigated that our ownCloud test server
(only two syncclients connected) made about 60,000 to 350,000 queries
per hour to the LDAP server. The productive Server makes even more for
example because for every sync client there is one bind operation every
five minutes.

For example from 2016-10-13 15:00:00 to 2016-10-13 16:00:00 the only the
ownCloudUser 17706 binds and 60572 queries.

It looks like ownCloud makes every ten minutes for every user multiple
queries to the LDAP even if the user never used the ownCloud. The
queries look like the following:

base="uid=usernameXY,ou=people,dc=company,dc=de" scope=0 deref=0
filter="(ownCloudQuota=*)"
base="uid=usernameXY,ou=people,dc=company,dc=de" scope=0 deref=0
filter="(objectClass=*)"
base="ou=People,dc=company,dc=de" scope=2 deref=0
filter="(&(ownCloudQuota=*)(uid=usernameXY))"
base="uid=usernameXY,ou=people,dc=company,dc=de" scope=0 deref=0
filter="(objectClass=*)"
base="uid=usernameXY,ou=people,dc=company,dc=de" scope=0 deref=0
filter="(objectClass=*)"
base="uid=usernameXY,ou=people,dc=company,dc=de" scope=0 deref=0
filter="(objectClass=*)"
base="ou=ownCloud Groups,dc=company,dc=de" scope=2 deref=0
filter="(&(cn=*)(memberUid=usernameXY))"

Of cause we are using APCu as memcache. By increasing the TTL from 600
seconds to 3600 we have alredy reduced the number of queries by about 10
percent.

My question is, if this is normal and nessesary behavior of owncloud. Or
can we adjust the intervall? It would be okay if ownCloud would
synchronize the users three times per day. The rest of the time it would
be enougth to handle the user authentification.

Or could a misconfiguration cause the amount of queries?

Best regards
Jan


_______________________________________________
User mailing list
User@owncloud.org
http://mailman.owncloud.org/mailman/listinfo/user

_______________________________________________
User mailing list
User@owncloud.org
http://mailman.owncloud.org/mailman/listinfo/user






















					Reply via email to