Enabling Caching for LDAP Authentication
Zope LDAP Caching Object Configuration
Background
We deploy two Zenoss servers at each datacenter (one active, one standby) for monitoring and data collection. We also use LDAP plugins to authenticate against our Active Directory, over a VPN tunnel. I noticed that the Zenoss UI was very slow for datacenters that had a latency over 75ms RTT. After some debugging and troubleshooting, I realized it was related to LDAP authentication. Every time I accessed a page that required authentication, it performed an LDAP lookup to get my credentials. When I clicked on the Users tab, it took upwards of two minutes to load, as it did an LDAP lookup for each user in Zenoss.
After some searching, I came across the RAM Cache Manager in Zope. When this object is associated with the LDAPMultiPlugins object, LDAP lookups are cached for re-use, for a configurable time interval. I had assumed that caching was initially set up just by installing the LDAPMultiPlugins plug-in, as there was a cache tab under the object. I definitely learned that this was not the case.
Enabling Caching
LDAPMultiPlugins has the ability to cache expensive LDAP look-ups and other operations. This ability, however, is not enabled by default.
To enable caching:
- Log in to the ZMI (Zope Management Interface) at http://servername:8080/zport/manage
- Click on 'acl_users(PAS)' from the center pane or the top-level 'acl_users' from the left navigation pane
- From the drop-down list in the upper right, select 'RAM Cache Manager' and click 'Add'.
- Give the RAM Cache object a name, e.g. 'LDAP Cache'
- Click on the newly created object to configure it
- Tweak the properties as needed
- Click on the 'Associate' tab
- Click 'Locate'
- Your LDAPMultiPlugins object (whatever you named it) and userManager will appear as objects that you can associate with the RAM Cache.
- Check your LDAPMultiPlugins object and select 'Save Changes'.
Caching is now enabled for LDAP.
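The following is an added illustration, not Zope, LDAPMultiPlugins or Zenoss code: a small model of a time-bounded lookup cache showing what the "Tweak the properties" step trades off. It counts how many directory round trips a per-user page costs with the cache in place, and shows that a change made in the directory (here, disabling an account) is not seen until the cached entry ages out. All class names, the 200-user count and the one-hour lifetime are constructed; only the 75 ms round trip comes from the text above.

```python
RTT_SECONDS = 0.075   # round-trip time to the directory, from the text above
MAX_AGE = 3600        # constructed cache lifetime in seconds (an assumption)

class FakeClock:
    """Deterministic clock so the model needs no real waiting."""
    def __init__(self):
        self.now = 0.0
    def advance(self, seconds):
        self.now += seconds

class Directory:
    """Constructed stand-in for the remote LDAP server."""
    def __init__(self, clock, users):
        self.clock, self.users, self.queries = clock, users, 0
    def lookup(self, uid):
        self.queries += 1
        self.clock.advance(RTT_SECONDS)       # every query costs one round trip
        entry = self.users.get(uid)
        return dict(entry) if entry else None  # copy, like a network answer

class CachedLookup:
    """Reuses an answer until it is MAX_AGE old, then asks the directory again."""
    def __init__(self, directory, clock, max_age):
        self.directory, self.clock, self.max_age = directory, clock, max_age
        self.entries = {}                      # uid -> (time stored, answer)
    def lookup(self, uid):
        hit = self.entries.get(uid)
        if hit is not None and self.clock.now - hit[0] < self.max_age:
            return hit[1]
        answer = self.directory.lookup(uid)
        self.entries[uid] = (self.clock.now, answer)
        return answer

def simulate(user_count=200, page_loads=5):
    clock = FakeClock()
    users = {"user%d" % i: {"enabled": True} for i in range(user_count)}
    directory = Directory(clock, users)
    cache = CachedLookup(directory, clock, MAX_AGE)
    for _ in range(page_loads):                # a page that looks up every user
        for uid in users:
            cache.lookup(uid)
    queries_with_cache = directory.queries
    users["user0"]["enabled"] = False          # account disabled in the directory
    seen_before_expiry = cache.lookup("user0")["enabled"]
    clock.advance(MAX_AGE)                     # cached entry ages out
    seen_after_expiry = cache.lookup("user0")["enabled"]
    return {"queries_without_cache": user_count * page_loads,
            "queries_with_cache": queries_with_cache,
            "seen_before_expiry": seen_before_expiry,
            "seen_after_expiry": seen_after_expiry}
```

The cache lifetime therefore bounds how long a disabled account or changed group membership can still be answered from memory, so pick it with your account-revocation requirements in mind as well as the link latency.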