Problem with GeoFence roles checking

Description

When request a GetCapabilities with a user who have different roles (tested with 3, not admin) on the main wfs/wms URL (/geoserver/wfs), It took a very long time to generate the response (~10minutes).

If I set VERBOSE_MODE, I see in the log that for a single user, GeoFence seems to request LDAP for user and user's role a huge amount of time (cf attached file).

With tcpdump, I see a huge traffic on port 636 (ldaps) when requesting getcap document.

I think there is a huge problem with GeoFence access right checking as it took 10 minutes for a simple GetCapabilities.

Environment

Debian 9, Oracle JAVA 8
External OpenLDAP server configured as User, groups and roles service.
17 workspaces, 218 layers, 54 geofence's rules
On LDAP : 836 users and 124 roles

Activity

Show:
Mateusz Kacprzak
July 20, 2018, 1:40 PM
Edited

I have the same. It's propably the problem with user cache of geofence. On every request geofence asks about roles of user and it takes some time. I'm using 2.13.1 version.

Assignee

Unassigned

Reporter

Julien SABATIER

Triage

None

Fix versions

None

Affects versions

Components

Priority

High
Configure