Hi all,
I am not particularly up with LDAP technology but am currently in charge of implementing our new Simple Edit interface.
One of the biggest issues according to our current crop of simple edit users is that the Simple Editor is too slow. We are trying to remedy this with a new, streamlined Simple Editor but the differences in the speeds obtained by LDAP users and "matrix-native" users (System adminstrator types, Backend user types) is still fairly large. (Something that may take 2 seconds for a Sys admin type user will take 10 seconds for an LDAP user).
We have a very large LDAP directory and am wondering if there is something we can do (either in matrix or in LDAP) that might help with the speed (eg would creating an LDAP group for matrix users help?)
Any ideas appreciated.
Steve
Hi SteveB
What version of matrix are you currently running?
Cheers,
Owen
I think the main issue here, as I have experienced, is that Matrix will query your LDAP directory several times for each asset that makes up your simple edit interface. IE. Every image, css file, javascript, etc that makes up your designs and simple edit layouts will cause matrix to query your LDAP directory. So, if you have 10 images, 3 css files for your design, it could take up to 13 x 10 seconds (for each ldap query) to check permissions.
It's especially worse if you are using ldap groups. Matrix will retrieve all information about that group, all members of that group and then the specific member you have applied permissions for. It is also not possible to cache any of these queries.
I suggest you go speak to your ldap administrator to see this for yourself via a trace/debug.
[quote]I think the main issue here, as I have experienced, is that Matrix will query your LDAP directory several times for each asset that makes up your simple edit interface. IE. Every image, css file, javascript, etc that makes up your designs and simple edit layouts will cause matrix to query your LDAP directory. So, if you have 10 images, 3 css files for your design, it could take up to 13 x 10 seconds (for each ldap query) to check permissions.
It's especially worse if you are using ldap groups. Matrix will retrieve all information about that group, all members of that group and then the specific member you have applied permissions for. It is also not possible to cache any of these queries.
I suggest you go speak to your ldap administrator to see this for yourself via a trace/debug.[/quote]
This information is not accurate. Once you login, Matrix caches everything it knows about you from the LDAP dir in your session. That includes your group membership. There is no need for Matrix to re-query LDAP for each requests file in a design, or even a new page.
Versions from the last 4 months or so make even less requests to LDAP by caching a bit more.
At no time will Matrix ever request a list of all group members unless you expand a group in the asset map.
Where you will see additional LDPA requests is when you are displaying admin screens that show information about LDAP users. This includes the info button at the top of the screen (not in simple edit) where you can see who create/updated/published the asset. It also includes the permissions screen, where Matrix may need to show the name of LDAP users and groups.
If LDAP is running slowly for you, make sure you are running a later version of Matrix to benefit from the more aggressive caching and also make sure your connection to the LDAP dir is very fast. If you need to, have a copy of the dir replicated to the app server (or somewhere very close) so the connection is really fast.
Greg,
I can only comment on what I have experienced in the past. This was with a 3.14 installation and perhaps the implementation wasn't as it should have been. :-/
But, i'm glad to hear that caching has been improved!