We have a site that is secured via LDAP authentication. We have set up a Matrix User Group and linked LDAP users from our LDAP bridge, and users are required to authenticate using their LDAP credentials.
On the secure site we have a number of pages that use asset listings. Some of the asset listings are to one level, while others are to two levels, with grouping by parent asset. All of the asset listings are nested into pages (we use a set of "master asset" listings which have a dynamic root node set to current asset and we re-use the listings in multiple pages).
Any page that has a nested asset listing on it in the secure site is excruciatingly slow to load; it can take 20 to 30 seconds to load a page. Pages on any of our other (unsecured) sites that utilize the same nested asset listing are much faster to load.
I am wondering if the LDAP security works in such a way that every time a page is required to list assets (i.e. has an asset listing on it), it has to check whether the user that is logged in has access to the files it is going to list. Is that how it works? Is that why the asset listings are so slow? If not, what else might be the problem (the site has the same cache settings as all of our other sites).
Asset listings work in the same way for LDAP users, regular users or the public user. Caching requires different settings to work though.
If you have public level caching enabled in the cache manager, all public users will be getting good page load times for cached pages. You need to turn on group level caching for the same thing to work for logged in users.
Our cache manager has the following settings:
Public level caching: ON
Permission level caching: OFF
Group level caching: ON
The URL of the site in question is listed in the table of cachable root URLs.
Do we need to turn permission level caching on???
Potentially, yes. You may find more luck with Permission level caching ON and Group level caching OFF, particularly if you have a lot of LDAP groups.
No. You need to settings the other way around, like you already have. Permission level caching can only be used with selected custom assets that show different content based on hard-coded permission checks in PHP. Asset listings don't use this; they use public and group level.
Huh, you learn something new every day.