Hello. I have integrated Wazuh with LDAP, but I notice that when I log in with a valid AD user, Wazuh responds much (much!) slower and takes much longer to process web requests.
With the default “admin” user, it works normally.
Hi Facu,
Thanks for reaching out and reporting this behavior. It’s possible that the indexer is attempting to check other authentication backends before validating against LDAP, which can cause the login to feel much slower.
To better understand your setup, could you please share the following files (feel free to redact any sensitive information):
/etc/wazuh-indexer/opensearch-security/config.yml
/etc/wazuh-indexer/opensearch-security/roles_mapping.yml
Hi Facu,
We’ve reviewed your case and, at first glance, your configuration looks correct. To move forward, our team will simulate an LDAP environment and test some scenarios.
In the meantime, could you share how many groups and users you currently have in your directory? This detail is important since the number of objects can directly affect the LDAP performance with Wazuh.
Hi! How many groups and users in the AD in general or in the Wazuh Admin and Wazuh Readers groups?
Good.
I have in my AD approximately 4900 users and 9200 groups.
But in the Wazuh Admin group I have only 7 users and in the Wazuh Readers group only 3 users.
Hi, most likely the poor performance is due to the users and groups issue.
I'm going to set up an environment simulating that number of groups and users and let you know.