LDAP Authentication using Concourse 4.2.2 Taking at least 45 Seconds to authenticate

#1

A Concourse 4.2.2 installation with LDAP authentication is taking about one minute to authenticate. The local user account authenticates without any delay. Below are my configuration details:

Concourse Ldap config:
- release: concourse
  name: atc
  properties:
    log_level: debug
    build_log_retention:
      maximum: 1000
    external_url: https://((concourse_host)):443
    add_local_users: ['admin1:((main-team-password))']
    main_team:
      auth:
        local:
          users:
          - admin1
        ldap:
          groups:
          - G_UserTeam
    ldap_auth:
      bind_dn: CN=ldapuser,OU=EnterpriseGroups,DC=sample,DC=com
      bind_pw: ******
      host: dldap.sample.com
      insecure_skip_verify: true
      start_tls: false
      group_search_filter: (&(objectCategory=group)(|(cn=G_User_)(cn=g_Test_)))
      group_search_base_dn: OU=EnterpriseGroups,DC=sample,DC=com
      group_search_scope: sub
      group_search_name_attr: cn
      group_search_group_attr: member
      group_search_user_attr: distinguishedName
      user_search_base_dn: OU=Users,DC=sample,DC=com
      user_search_filter: (&(objectCategory=Person)(sAMAccountName=*))
      user_search_username: sAMAccountName
      user_search_id_attr: sAMAccountName
      user_search_scope: sub
      user_search_name_attr: name
      user_search_email_attr: mail

Login trace:
{“timestamp”:“1547826962.920542002”,“source”:“atc”,“message”:“atc.dex.event”,“log_level”:1,“data”:{“fields”:{“connector”:“LDAP”},“message”:“performing ldap search DC=sample,DC=com sub (\u0026(\u0026(objectCategory=Person)(sAMAccountName=*)(sAMAccountName=user1))”,“session”:“5”}}
{“timestamp”:“1547826962.933685541”,“source”:“atc”,“message”:“atc.dex.event”,“log_level”:1,“data”:{“fields”:{“connector”:“LDAP”},“message”:“username “user1” mapped to entry CN=Test User (user1),OU=CO1,DC=sample,DC=com”,“session”:“5”}}
{“timestamp”:“1547826983.100530863”,“source”:“atc”,“message”:“atc.dex.event”,“log_level”:1,“data”:{“fields”:{“connector”:“LDAP”},“message”:“performing ldap search OU=EnterpriseGroups,DC=sample,DC=com sub (\u0026(\u0026(objectCategory=group))(member=CN=Test User \user1\29,OU=CO1,DC=sample,DC=com))”,“session”:“5”}}
{“timestamp”:“1547826983.119504213”,“source”:“atc”,“message”:“atc.dex.event”,“log_level”:1,“data”:{“fields”:{},“message”:“login successful: connector “ldap”, username=“user1”, email="Test.User@sample.com”, groups=[“G_UserTeam”]",“session”:“5”}}

After clicking on the Login button, it takes about 35 seconds for the first atc.dex.event log message to display. When I perform ldapsearch using the command line utility, there is no delay in the search.
If someone can help me to resolve this issue, I would greatly appreciate it.

0 Likes

#2

Resolved

This issue got resolved after updating the secondary and tertiary DNS IP addresses to different DNS servers in the cloud config and redeploying Concourse.

Thanks,
Vasee

0 Likes
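
The following is an added example, not code from either post or from Concourse: it reads `atc.dex.event` lines like those in the login trace, reports where consecutive events are far apart, and times a name lookup for the LDAP host, which is the kind of check the DNS fix in #2 points to. The function names and the abbreviated, re-quoted sample lines are assumptions made for the example; the timestamps are the ones in the trace.

```python
import json
import socket
import time
from decimal import Decimal

# Constructed sample: timestamps are those in the login trace above; messages
# are abbreviated and re-quoted so that each line is valid JSON.
TRACE = """\
{"timestamp":"1547826962.920542002","source":"atc","message":"atc.dex.event","data":{"message":"performing ldap search (user)","session":"5"}}
{"timestamp":"1547826962.933685541","source":"atc","message":"atc.dex.event","data":{"message":"username mapped to entry","session":"5"}}
{"timestamp":"1547826983.100530863","source":"atc","message":"atc.dex.event","data":{"message":"performing ldap search (groups)","session":"5"}}
{"timestamp":"1547826983.119504213","source":"atc","message":"atc.dex.event","data":{"message":"login successful","session":"5"}}
"""

def dex_events(text):
    """Yield (timestamp, message) per atc.dex.event line; skip anything else."""
    for line in text.splitlines():
        try:
            rec = json.loads(line)
        except ValueError:
            continue
        if isinstance(rec, dict) and rec.get("message") == "atc.dex.event":
            yield Decimal(rec["timestamp"]), rec["data"]["message"]

def slow_gaps(text, threshold=1.0):
    """Return (seconds, before, after) for consecutive events more than
    `threshold` seconds apart."""
    events = sorted(dex_events(text))
    limit = Decimal(str(threshold))
    return [(float(t2 - t1), m1, m2)
            for (t1, m1), (t2, m2) in zip(events, events[1:])
            if t2 - t1 > limit]

def resolve_seconds(host):
    """Time one lookup through the system resolver.
    Returns (elapsed_seconds, resolved); a failed lookup is still timed."""
    start = time.monotonic()
    try:
        socket.getaddrinfo(host, None)
        resolved = True
    except socket.gaierror:
        resolved = False
    return time.monotonic() - start, resolved

if __name__ == "__main__":
    for secs, before, after in slow_gaps(TRACE):
        print(f"{secs:6.1f}s between {before!r} and {after!r}")
    # On the ATC VM, time the lookup of the ldap_auth host from the config:
    # print(resolve_seconds("dldap.sample.com"))
```

On the trace above this flags a single gap of about 20 seconds, between the user entry being mapped and the group search starting; the 35-second wait before the first event has no earlier event to measure against, so it does not appear.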