LDAP login slowly #6715 | Support

duyan11110 created 8 months ago

ABP Framework version: v7.3.0
UI Type: MVC
Database System: EF Core (SQL Server)
Tiered (for MVC) or Auth Server Separated (for Angular): yes
Exception message and full stack trace:
Steps to reproduce the issue: I already customize LDAPManager like this:

[Dependency(ReplaceServices = true)]
[ExposeServices(typeof(OpenLdapManager), typeof(ILdapManager), typeof(LdapManager), typeof(MZHOpenLdapManager))]
public class MZHOpenLdapManager : OpenLdapManager
{
    public MZHOpenLdapManager(ILdapSettingProvider ldapSettingProvider) : base(ldapSettingProvider)
    {
    }

    public override async Task<bool> AuthenticateAsync(string username, string password)
    {
        using (var conn = await CreateLdapConnectionAsync())
        {                
            try
            {
                Logger.LogInformation("Login with admin account.");
                await AuthenticateLdapConnectionAsync(conn, await NormalizeUserNameAsync(await LdapSettingProvider.GetUserNameAsync()), await LdapSettingProvider.GetPasswordAsync());
                Logger.LogInformation("Search username");
                //conn.SetOption(LdapForNet.Native.Native.LdapOption.LDAP_OPT_REFERRALS, "ignore");
                SearchRequest request = new SearchRequest(await GetBaseDnAsync(), await GetUserFilterAsync(username), LdapForNet.Native.Native.LdapSearchScope.LDAP_SCOPE_SUBTREE);
                request.SizeLimit = 1;
                SearchOptionsControl SuppressReferrals = new SearchOptionsControl(SearchOption.DomainScope);
                request.Controls.Add(SuppressReferrals);
                //var searchResults = await conn.SearchAsync(await GetBaseDnAsync(), await GetUserFilterAsync(username));
                SearchResponse response = conn.SendRequest(request) as SearchResponse;
                Logger.LogInformation("Get first item searched");
                var userEntry = response.Entries.First();
                Logger.LogInformation("Login with username");
                await AuthenticateLdapConnectionAsync(conn, userEntry.Dn, password);
                Logger.LogInformation("Login LDAP done");
                return true;
            }
            catch (Exception e)
            {
                Logger.LogException(e);
            }

            return false;
        }
    }

    protected override async Task<string> NormalizeUserNameAsync(string userName)
    {
        return $"cn={userName},{await LdapSettingProvider.GetBaseDcAsync()}";
    }

    protected override Task<string> GetUserFilterAsync(string userName)
    {
        return Task.FromResult($"(&(objectClass=user)(sAMAccountName={userName}))");
    }

    protected override Task<string> GetBaseDnAsync()
    {
        return LdapSettingProvider.GetDomainAsync();
    }

    protected override Task<string> GetUserEmailAsync(LdapEntry ldapEntry)
    {
        Logger.LogInformation("Try to get email infor - start");
        string email = ldapEntry.ToDirectoryEntry().GetAttribute("mail")?.GetValue<string>();            
        if (string.IsNullOrWhiteSpace(email))
            email = ldapEntry.ToDirectoryEntry().GetAttribute("userPrincipalName")?.GetValue<string>();
        Logger.LogInformation("Try to get email infor - end");
        return Task.FromResult(email);
    }

In the red area, it takes 10 second after LDAP login done and continue get email infor. Could you pls show me what Abp was doing during that time?

10 Answer(s)

maliming created 8 months ago

Support Team Fullstack Developer

You can continue to override the public virtual async Task<string> GetUserEmailAsync(string userName) of OpenLdapManager to output the debug messages.

public virtual async Task<string> GetUserEmailAsync(string userName)
{
    using (var conn = await CreateLdapConnectionAsync())
    {
        await AuthenticateLdapConnectionAsync(conn, await NormalizeUserNameAsync(await LdapSettingProvider.GetUserNameAsync()), await LdapSettingProvider.GetPasswordAsync());

        var searchResults = await conn.SearchAsync(await GetBaseDnAsync(), await GetUserFilterAsync(userName));
        try
        {
            var userEntry = searchResults.First();
            return await GetUserEmailAsync(userEntry);
        }
        catch (LdapException e)
        {
            Logger.LogException(e);
        }

        return null;
    }
}

0

duyan11110 created 8 months ago

Hi,

Tks for your suggestion, It fixes my issue. conn.SearchAsync is very slow.
0

duyan11110 created 8 months ago

Hi,

I have one more question.

As you can see in the red are, after login with LDAP successfully (very fast now), which actions happened during that time (6 seconds), and how can I improve it?

maliming created 8 months ago

Support Team Fullstack Developer

That may be the browser; you can enable the Debug logs.


public class Program
{
    public async static Task<int> Main(string[] args)
    {
        Log.Logger = new LoggerConfiguration()
            .MinimumLevel.Debug()
            .MinimumLevel.Override("Microsoft.EntityFrameworkCore", LogEventLevel.Warning)
            .Enrich.FromLogContext()
            .WriteTo.Async(c => c.File("Logs/logs.txt"))
            .WriteTo.Async(c => c.Console())
            .CreateLogger();

0

duyan11110 created 8 months ago

Hi,

Added as your suggestion, but the debug logs are all about OpenIddict logs

I don't know why it takes about 6s to redirect to the home page?
0

maliming created 8 months ago
Support Team Fullstack Developer

hi

Please share the logs.txt to liming.ma@volosoft.com
0

duyan11110 created 8 months ago

You only need the log of AuthServer, right?
0

maliming created 8 months ago
Support Team Fullstack Developer

Yes, but you can share the all websites.
0

duyan11110 created 8 months ago

Hi,

Already sent the log file. Pls check.
0

maliming created 8 months ago
Support Team Fullstack Developer

hi

There's nothing useful in the logs. You can keep watching. Check whether it is a fixed or random problem.

Have an answer to this question? Log in and write your answer.