• OKM 6.2 login time?

  • OpenKM has many interesting features, but requires some configuration process to show its full potential.
 #21663  by fergalom
 
I have OKM 6.2 CE configured with ActiveDomain login.
This is functioning correctly both for administrator and normal users.

However the login time from entering username/password to being fully logged in is extremely long - circa 2 minutes!

Is this normal for an AD setup?

OpenKM and AD are on separate machines but same "office" and LAN.
 #21706  by jllort
 
30 users should be a fast login; you have some other kind of problem. Test networking speed and ensure that from your server you correctly resolve all LDAP principal nodes.

I suggest you browse LDAP with the http://technet.microsoft.com/en-us/sysi ... 63907.aspx utility:
Normally you'll see main nodes like dc=company,dc=local among others. I suggest you add hosts file entries like
ip_server company.local etc... (the main three nodes will give you some idea which host names should be added)
 #21799  by fergalom
 
ok so I have tried a number of things

1) The active directory server (10.10.1.2) is named in the hosts file of OpenKM (10.10.1.10) - no change to login times
2) Have configured according to ldap example 3 - http://wiki.openkm.com/index.php/Ldap-example3 - no change to login times

What I am seeing is that the initial login of any user after a period of no use takes 2 minutes.
If I log out and log in as another user, login is immediate (< 5 sec).

Running OpenKM on a 64bit Ubuntu server VM which is hosted on a VMware ESXi server.
For the initial testing, it is allocated 2 CPU and 2GB ram which should be sufficient.

Anything else I can try?
 #21813  by jllort
 
If you connect with the LDAP explorer utility http://technet.microsoft.com/en-us/sysi ... 63907.aspx

you'll see several nodes like dc=some,dc=company,com etc... normally 3-4 principal nodes with different names. I suggest you add some IP resolution in your hosts file like:
Code:
10.10.10.2 some.company.com 
10.10.10.2 schema.some.company.com 
10.10.10.2 configuration.some.company.com 
etc...
 #21832  by fergalom
 
Thanks tried that but it has had no visible effect on login times.
The initial login is still circa 2 minutes for AD authentication which makes it unusable unless this can be solved.

Are there any logs I can provide which might point out what the problem is?
 #21852  by jllort
 
Edit /conf/log4j.properties and at the end add something like:
Code:
log4j.logger.org.springframework.security.ldap=DEBUG
Note that I have never had an installation with this excessive delay time; you have something strange.
 #21880  by fergalom
 
As I described before, I have followed http://wiki.openkm.com/index.php/Ldap-example3 and any further info provided.

ok here is my OpenKM.xml file
Code:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:security="http://www.springframework.org/schema/security"
             xmlns:task="http://www.springframework.org/schema/task"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                                 http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                                 http://www.springframework.org/schema/security
                                 http://www.springframework.org/schema/security/spring-security-3.1.xsd
                                 http://www.springframework.org/schema/task
                                 http://www.springframework.org/schema/task/spring-task-3.1.xsd">

<security:authentication-manager alias="authenticationManager">
  <security:authentication-provider ref="ldapAuthProvider" />
</security:authentication-manager>

<beans:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
  <beans:constructor-arg value="ldap://10.10.1.2"/>
  <beans:property name="userDn" value="CN=administrator,CN=Users,DC=fw,DC=local"/>
  <beans:property name="password" value="pass"/>

  <beans:property name="baseEnvironmentProperties">
    <beans:map>
      <beans:entry>
        <beans:key>
          <beans:value>java.naming.referral</beans:value>
        </beans:key>
        <beans:value>follow</beans:value>
      </beans:entry>
    </beans:map>
  </beans:property>
</beans:bean>

<beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
  <beans:constructor-arg>
    <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
      <beans:constructor-arg ref="contextSource"/>
      <beans:property name="userSearch" ref="userSearch"/>
    </beans:bean>
  </beans:constructor-arg>
  <beans:constructor-arg>
    <beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
      <beans:constructor-arg ref="contextSource"/>
      <beans:constructor-arg value="DC=fw,DC=local"/>
      <beans:property name="groupSearchFilter" value="member={0}"/>
      <beans:property name="groupRoleAttribute" value="cn"/>
      <beans:property name="searchSubtree" value="true" />
      <beans:property name="convertToUpperCase" value="false" />
      <beans:property name="rolePrefix" value="" />
    </beans:bean>
  </beans:constructor-arg>
</beans:bean>

<beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
  <beans:constructor-arg index="0" value="DC=fw,DC=local" />
  <beans:constructor-arg index="1" value="(&amp;(sAMAccountName={0})(|(memberOf=CN=ROLE_ADMIN,OU=OpenKM,DC=fw,DC=local)(memberOf=CN=ROLE_USER,OU=OpenKM,DC=fw,DC=local)))" />
  <beans:constructor-arg index="2" ref="contextSource" />
  <beans:property name="searchSubtree" value="true" />
</beans:bean>

</beans:beans>
My hosts file contains:
Code:
127.0.0.1 localhost
10.10.1.10 library.fw.local library
10.10.1.2 SBSSERVER.fw.local SBSSERVER
10.10.1.2 schema.SBSSERVER.fw.local
10.10.1.2 configuration.SBSSERVER.fw.local
10.10.1.2 DomainDnsZones.SBSSERVER.fw.local
10.10.1.2 ForestDnsZones.SBSSERVER.fw.local


# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
My Catalina.log file is attached in Dropbox as I couldn't upload it here
https://www.dropbox.com/s/ep5xo1a5u9f09n3/catalina.zip

Screenshot from the AD tool recommended
https://www.dropbox.com/s/jozosepc7mgyptm/Capture.jpg

I don't think I have anything odd but at this stage I'm at a loss as to how to solve this.
 #21886  by dejanfc
 
Do you have a reverse DNS zone with your AD and OpenKM server entries? We had a similar problem on Linux clients; there's a bug in Ubuntu 12.04 which makes it always perform a reverse lookup on the host name, and the services that depend on it wait 15s for a reply every time.
 #21899  by jllort
 
I suggest adding the IP for fw.local to /etc/hosts:
10.10.1.2 fw.local

and all the other subdomains associated with it. Post your /etc/hosts file here to ensure it is right.
 #21900  by fergalom
 
Here are the contents of my /etc/hosts file.
Code:
administrator@library:~$ cat /etc/hosts
127.0.0.1 localhost
127.0.0.1 library
127.0.0.1 library.fw.local
10.10.1.10 library library.fw.local
10.10.1.2 fw.local
10.10.1.2 SBSSERVER SBSSERVER.fw.local
10.10.1.2 schema.SBSSERVER.fw.local
10.10.1.2 configuration.SBSSERVER.fw.local
10.10.1.2 DomainDnsZones.SBSSERVER.fw.local
10.10.1.2 ForestDnsZones.SBSSERVER.fw.local
@ dejanfc - no reverse dns zones. Thought ipv6 could be causing it so tried disabling it too.

No changes to login times yet.
 #21907  by jllort
 
In the image you have blacked out some name; we will call it fw, but obviously it is not fw, right?
Code:
10.10.1.2 fw.local
10.10.1.2 SBSSERVER SBSSERVER.fw.local
10.10.1.2 schema.fw.local
10.10.1.2 Schema.Configuration.fw.local
10.10.1.2 Configuration.fw.local
10.10.1.2 DomainDnsZones.fw.local
10.10.1.2 ForestDnsZones.fw.local
See, I have changed schema.fw.local to Schema.configuration.fw.local and the others in the same way.
 #21929  by fergalom
 
yes, not fw but similar.

Your suggested changes to the /etc/hosts has worked - Thank you very much for all the help, really appreciated.
Instant login now! :-)
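
Why the last hosts-file change helped, as an added example that is not part of the original thread: with `java.naming.referral` set to `follow`, each search rooted at `DC=fw,DC=local` also chases the referral URLs the domain controller returns, so every referral host name must resolve from the OpenKM server. The sketch below compares referral hosts against hosts-file text; the referral list is a constructed sample of what Active Directory typically returns at a domain root, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample: search references of the kind an AD domain controller
# returns for a subtree search at the domain root (DC=fw,DC=local).
SAMPLE_REFERRALS = [
    "ldap://ForestDnsZones.fw.local/DC=ForestDnsZones,DC=fw,DC=local",
    "ldap://DomainDnsZones.fw.local/DC=DomainDnsZones,DC=fw,DC=local",
    "ldap://fw.local/CN=Configuration,DC=fw,DC=local",
]

# Trimmed from the /etc/hosts posted before the fix: zone names were
# placed under the server name (SBSSERVER) instead of the domain.
HOSTS_BEFORE = """\
10.10.1.2 fw.local
10.10.1.2 SBSSERVER SBSSERVER.fw.local
10.10.1.2 DomainDnsZones.SBSSERVER.fw.local
10.10.1.2 ForestDnsZones.SBSSERVER.fw.local
"""

# Trimmed from the corrected entries that made login instant.
HOSTS_AFTER = """\
10.10.1.2 fw.local
10.10.1.2 Configuration.fw.local
10.10.1.2 DomainDnsZones.fw.local
10.10.1.2 ForestDnsZones.fw.local
"""

def hosts_names(hosts_text):
    """Return every host name defined in hosts-file text, lower-cased."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        names.update(n.lower() for n in fields[1:])  # fields[0] is the IP
    return names

def referral_hosts(urls):
    """Host part of each LDAP referral URL, lower-cased, de-duplicated."""
    hosts = (urlsplit(u).hostname for u in urls)
    return list(dict.fromkeys(h for h in hosts if h))

def unresolved(urls, hosts_text):
    """Referral hosts that have no entry in the hosts-file text."""
    known = hosts_names(hosts_text)
    return [h for h in referral_hosts(urls) if h not in known]

if __name__ == "__main__":
    print("before fix:", unresolved(SAMPLE_REFERRALS, HOSTS_BEFORE))
    print("after fix: ", unresolved(SAMPLE_REFERRALS, HOSTS_AFTER))
```

The check only inspects hosts-file text, so it applies when the server does not use the AD DNS server for resolution, as in this thread; replace `SAMPLE_REFERRALS` with the references your own directory returns.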
