Performance Issues or Portlet Timeout Errors with WSRP Portlets due to Multiple LDAP Calls
(Doc ID 1921022.1)
Last updated on MAY 31, 2023
Applies to:
Oracle WebCenter Portal - Version 11.1.1.6.0 and laterInformation in this document applies to any platform.
Symptoms
When calling a WSRP Portlet this generates multiple ldap calls to verify the user roles.
It makes two ldap calls for each group the user is member of.
This issue is causing Portlet Timeout errors and Performance issues.
The issue was reported with OVD but issue can happen with other authenticator providers.
The following was observed in the managed server .out file:
- First it shows the user doing login:
<Jun 2, 2014 4:52:15 PM EDT> <Debug> <SecurityAtn> <BEA-000000> <LDAP Atn Login>
<Jun 2, 2014 4:52:15 PM EDT> <Debug> <SecurityAtn> <BEA-000000> <LDAP Atn Login username: <USERNAME>>
<Jun 2, 2014 4:52:15 PM EDT> <Debug> <SecurityAtn> <BEA-000000> <getUserDNName? user:<USERNAME>>
<Jun 2, 2014 4:52:15 PM EDT> <Debug> <SecurityAtn> <BEA-000000> <getConnection return conn:LDAPConnection {ldaps:/<LDAPHOSTNAME>:3060 ldapVersion:3 bindDN:"cn=orcladmin"}>
<Jun 2, 2014 4:52:15 PM EDT> <Debug> <SecurityAtn> <BEA-000000> <getDNForUser search("ou=People,dc=<COMPANYNAME>,dc=com", "(&(uid=<USERNAME>)(objectclass=person))", base DN & below)>
<Jun 2, 2014 4:52:15 PM EDT> <Debug> <SecurityAtn> <BEA-000000> <DN for user <USERNAME>: uid=<USERNAME>,ou=people,dc=<COMPANYNAME>,dc=com>
<Jun 2, 2014 4:52:15 PM EDT> <Debug> <SecurityAtn> <BEA-000000> <found user from ldap, user:<USERNAME>, userDN=uid=<USERNAME>,ou=people,dc=<COMPANYNAME>,dc=com>
<Jun 2, 2014 4:52:15 PM EDT> <Debug> <SecurityAtn> <BEA-000000> <Retrieved username from LDAP :<USERNAME>>
<Jun 2, 2014 4:52:15 PM EDT> <Debug> <SecurityAtn> <BEA-000000> <returnConnection conn:LDAPConnection {ldaps://<LDAPHOSTNAME>:3060 ldapVersion:3 bindDN:"cn=orcladmin"}>
<Jun 2, 2014 4:52:15 PM EDT> <Debug> <SecurityAtn> <BEA-000000> <LDAP Atn Asserted Identity for <USERNAME>>
- Later it shows a call to get the groups the user belongs to:
<Jun 2, 2014 4:52:15 PM EDT> <Debug> <SecurityAtn> <BEA-000000> <LDAP Atn Asserted Identity for <USERNAME>>
<Jun 2, 2014 4:52:15 PM EDT> <Debug> <SecurityAtn> <BEA-000000> <List groups that member: <USERNAME> belongs to>
<Jun 2, 2014 4:52:15 PM EDT> <Debug> <SecurityAtn> <BEA-000000> <getConnection return conn:LDAPConnection {ldaps://<LDAPHOSTNAME>:3060 ldapVersion:3 bindDN:"cn=orcladmin"}>
<Jun 2, 2014 4:52:15 PM EDT> <Debug> <SecurityAtn> <BEA-000000> <getDNForUser search("ou=People,dc=<COMPANYNAME>,dc=com", "(&(uid=<USERNAME>)(objectclass=person))", base DN & below)>
<Jun 2, 2014 4:52:15 PM EDT> <Debug> <SecurityAtn> <BEA-000000> <DN for user <USERNAME>: uid=<USERNAME>,ou=people,dc=<COMPANYNAME>,dc=com>
<Jun 2, 2014 4:52:15 PM EDT> <Debug> <SecurityAtn> <BEA-000000> <search("ou=Groups,dc=oracle,dc=com", "(&(uniquemember=uid=<USERNAME>,ou=people,dc=<COMPANYNAME>,dc=com)(objectclass=groupofuniquenames))", base DN + 1)>
<Jun 2, 2014 4:52:15 PM EDT> <Debug> <SecurityAtn> <BEA-000000> <Result has more elements: true>
<Jun 2, 2014 4:52:16 PM EDT> <Debug> <SecurityAtn> <BEA-000000> <search("ou=Groups,dc=<COMPANYNAME>,dc=com", "(objectclass=groupofurls)", base DN + 1)>
<Jun 2, 2014 4:52:16 PM EDT> <Debug> <SecurityAtn> <BEA-000000> <returnConnection conn:LDAPConnection {ldaps://<LDAPHOSTNAME>:3060 ldapVersion:3 bindDN:"cn=orcladmin"}>
- Then it shows one ldap call for each group the user is member of.
These calls look like this:
<Jun 2, 2014 4:52:16 PM EDT> <Debug> <SecurityAtn> <BEA-000000> <getConnection return conn:LDAPConnection {ldaps://<LDAPHOSTNAME>:3060 ldapVersion:3 bindDN:"cn=orcladmin"}>
<Jun 2, 2014 4:52:16 PM EDT> <Debug> <SecurityAtn> <BEA-000000> <search("ou=Groups,dc=<COMPANYNAME>,dc=com", "(|(&(cn=<GROUPNAME>)(objectclass=groupofUniqueNames))(&(cn=<GROUPNAME>)(objectclass=groupofurls)))", base DN + 1)>
<Jun 2, 2014 4:52:16 PM EDT> <Debug> <SecurityAtn> <BEA-000000> <DN for group <GROUPNAME>: cn=<GROUPNAME>,ou=Groups,dc=<COMPANYNAME>,dc=com>
<Jun 2, 2014 4:52:16 PM EDT> <Debug> <SecurityAtn> <BEA-000000> <Retrieved dn:cn=<GROUPNAME>,ou=Groups,dc=<COMPANYNAME>,dc=com for group:<GROUPNAME>>
<Jun 2, 2014 4:52:16 PM EDT> <Debug> <SecurityAtn> <BEA-000000> <returnConnection conn:LDAPConnection {ldaps://<LDAPHOSTNAME>:3060 ldapVersion:3 bindDN:"cn=orcladmin"}>
<Jun 2, 2014 4:52:16 PM EDT> <Debug> <SecurityAtn> <BEA-000000> <getConnection return conn:LDAPConnection {ldaps://<LDAPHOSTNAME>:3060 ldapVersion:3 bindDN:"cn=orcladmin"}>
<Jun 2, 2014 4:52:16 PM EDT> <Debug> <SecurityAtn> <BEA-000000> <returnConnection conn:LDAPConnection {ldaps://<LDAPHOSTNAME>:3060 ldapVersion:3 bindDN:"cn=orcladmin"}>
The above fragment of the log shows only the ldap call to get one group DN.
There are as many calls as the above to get the DN for all the groups the user is member of.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Cause |
Solution |
References |