When request a GetCapabilities with a user who have different roles (tested with 3, not admin) on the main wfs/wms URL (/geoserver/wfs), It took a very long time to generate the response (~10minutes).
If I set VERBOSE_MODE, I see in the log that for a single user, GeoFence seems to request LDAP for user and user's role a huge amount of time (cf attached file).
With tcpdump, I see a huge traffic on port 636 (ldaps) when requesting getcap document.
I think there is a huge problem with GeoFence access right checking as it took 10 minutes for a simple GetCapabilities.
Debian 9, Oracle JAVA 8
External OpenLDAP server configured as User, groups and roles service.
17 workspaces, 218 layers, 54 geofence's rules
On LDAP : 836 users and 124 roles
I have the same. It's propably the problem with user cache of geofence. On every request geofence asks about roles of user and it takes some time. I'm using 2.13.1 version.