Thread:Extension talk:LDAP Authentication/LDAP-Authentication is slow

The login takes up to 2 minutes or longer, if group restriction is enabled. A look in the debug log (log level: 3) shows, that the user is searched in every group to authenticate it. This step takes a lot of time, because there are over 100.000 users and many groups. Is there a way to improve the speed or a workaround, like just checking if the user is in the required group? The Mediawiki version is: 1.20.2 Configuration and log are below:

2013-11-12 12:50:51 : 2.0f Entering validDomain 2013-11-12 12:50:51 : 2.0f User is not using a valid domain. 2013-11-12 12:50:51 : 2.0f Entering getDomain 2013-11-12 12:50:51 : 2.0f Setting domain as: domain 2013-11-12 12:50:51 : 2.0f Entering allowPasswordChange 2013-11-12 12:50:51 : 2.0f Entering getDomain 2013-11-12 12:50:51 : 2.0f Entering getDomain 2013-11-12 12:50:51 : 2.0f Entering modifyUITemplate 2013-11-12 12:50:51 : 2.0f Entering getDomain 2013-11-12 12:50:51 : 2.0f Entering getDomain 2013-11-12 12:50:51 : 2.0f Entering getDomain 2013-11-12 12:50:52 : 2.0f Entering validDomain 2013-11-12 12:50:52 : 2.0f User is not using a valid domain. 2013-11-12 12:50:52 : 2.0f Entering getDomain 2013-11-12 12:50:52 : 2.0f Setting domain as: domain 2013-11-12 12:50:52 : 2.0f Entering allowPasswordChange 2013-11-12 12:50:52 : 2.0f Entering getDomain 2013-11-12 12:50:52 : 2.0f Entering getDomain 2013-11-12 12:50:52 : 2.0f Entering modifyUITemplate 2013-11-12 12:50:52 : 2.0f Entering getDomain 2013-11-12 12:50:52 : 2.0f Entering getDomain 2013-11-12 12:50:52 : 2.0f Entering getDomain 2013-11-12 12:50:56 : 2.0f Entering validDomain 2013-11-12 12:50:56 : 2.0f User is using a valid domain (domain). 2013-11-12 12:50:56 : 2.0f Setting domain as: domain 2013-11-12 12:50:56 : 2.0f Entering getCanonicalName 2013-11-12 12:50:56 : 2.0f Username is: login 2013-11-12 12:50:56 : 2.0f Entering getDomain 2013-11-12 12:50:56 : 2.0f Munged username: login 2013-11-12 12:50:56 : 2.0f Entering authenticate for username login 2013-11-12 12:50:56 : 2.0f Entering getDomain 2013-11-12 12:50:56 : 2.0f Entering getDomain 2013-11-12 12:50:56 : 2.0f Entering getDomain 2013-11-12 12:50:56 : 2.0f Entering Connect 2013-11-12 12:50:56 : 2.0f Entering getDomain 2013-11-12 12:50:56 : 2.0f Using TLS or not using encryption. 2013-11-12 12:50:56 : 2.0f Entering getDomain 2013-11-12 12:50:56 : 2.0f Entering getDomain 2013-11-12 12:50:56 : 2.0f Entering getDomain 2013-11-12 12:50:56 : 2.0f Using servers:  ldap://server:389 2013-11-12 12:50:56 : 2.0f Entering getDomain 2013-11-12 12:50:56 : 2.0f PHP's LDAP connect method returned true (note, this does not imply it connected to the server). 2013-11-12 12:50:56 : 2.0f Entering getSearchString 2013-11-12 12:50:56 : 2.0f Entering getDomain 2013-11-12 12:50:56 : 2.0f Entering getUserDN 2013-11-12 12:50:56 : 2.0f Entering getDomain 2013-11-12 12:50:56 : 2.0f Doing a proxy bind 2013-11-12 12:50:56 : 2.0f Entering getDomain 2013-11-12 12:50:56 : 2.0f Entering getDomain 2013-11-12 12:50:56 : 2.0f Created a regular filter: (uid=login) 2013-11-12 12:50:56 : 2.0f Entering getBaseDN 2013-11-12 12:50:56 : 2.0f Entering getDomain 2013-11-12 12:50:56 : 2.0f basedn is ou=users,dc=,dc=de 2013-11-12 12:50:56 : 2.0f Using base: ou=users,dc=,dc=de 2013-11-12 12:50:56 : 2.0f Setting the LDAPUsername based on fetched wgLDAPSearchAttributes: login 2013-11-12 12:50:56 : 2.0f userdn is: uid=login,ou=users,dc=,dc=de 2013-11-12 12:50:56 : 2.0f Entering getDomain 2013-11-12 12:50:56 : 2.0f Binding as the user 2013-11-12 12:50:56 : 2.0f Bound successfully 2013-11-12 12:50:56 : 2.0f Entering getDomain 2013-11-12 12:50:56 : 2.0f Entering getDomain 2013-11-12 12:50:56 : 2.0f Entering getGroups 2013-11-12 12:50:56 : 2.0f Entering getDomain 2013-11-12 12:50:56 : 2.0f Retrieving LDAP group membership 2013-11-12 12:50:56 : 2.0f Entering getDomain 2013-11-12 12:50:56 : 2.0f Entering getDomain 2013-11-12 12:50:56 : 2.0f Searching for the groups 2013-11-12 12:50:56 : 2.0f Entering searchGroups 2013-11-12 12:50:56 : 2.0f Entering getBaseDN 2013-11-12 12:50:56 : 2.0f Entering getDomain 2013-11-12 12:50:56 : 2.0f basedn is ou=groups,dc=,dc=de 2013-11-12 12:50:56 : 2.0f Entering getDomain 2013-11-12 12:50:56 : 2.0f Entering getDomain 2013-11-12 12:50:56 : 2.0f Entering getDomain 2013-11-12 12:50:56 : 2.0f Entering getDomain 2013-11-12 12:50:56 : 2.0f Binding as the proxyagent 2013-11-12 12:50:56 : 2.0f Entering getDomain 2013-11-12 12:50:56 : 2.0f Entering getDomain 2013-11-12 12:50:56 : 2.0f Search string: (&(uniqueMember=uid=login,ou=users,dc=,dc=de)(objectclass=groupOfUniqueNames)) 2013-11-12 12:52:59 : 2.0f Returned groups: cn=group1,ou=groups,dc=,dc=de::cn=group2,ou=groups,dc=,dc=de::cn=group3,ou=groups,dc=,dc=de::cn=group4,ou=groups,dc=,dc=de::cn=sgroup5,ou=groups,dc=,dc=de::cn=group6,ou=groups,dc=,dc=de::cn=group7,ou=groups,dc=,dc=de::cn=group8,ou=groups,dc=,dc=de::cn=group9,ou=groups,dc=,dc=de::cn=group10,ou=groups,dc=,dc=de::cn=group11,ou=groups,dc=,dc=de 2013-11-12 12:52:59 : 2.0f Entering getDomain 2013-11-12 12:52:59 : 2.0f Entering getDomain 2013-11-12 12:52:59 : 2.0f Entering checkGroups 2013-11-12 12:52:59 : 2.0f Entering getDomain 2013-11-12 12:52:59 : 2.0f Entering getDomain 2013-11-12 12:52:59 : 2.0f Checking for (new style) group membership 2013-11-12 12:52:59 : 2.0f Required groups: cn=group9,ou=groups,dc=,dc=de 2013-11-12 12:52:59 : 2.0f Checking against: cn=group1,ou=groups,dc=,dc=de 2013-11-12 12:52:59 : 2.0f Checking against: cn=group2,ou=groups,dc=,dc=de 2013-11-12 12:52:59 : 2.0f Checking against: cn=group3,ou=groups,dc=,dc=de 2013-11-12 12:52:59 : 2.0f Checking against: cn=group4,ou=groups,dc=,dc=de 2013-11-12 12:52:59 : 2.0f Checking against: cn=group5,ou=groups,dc=,dc=de 2013-11-12 12:52:59 : 2.0f Checking against: cn=group6,ou=groups,dc=,dc=de 2013-11-12 12:52:59 : 2.0f Checking against: cn=group7,ou=groups,dc=,dc=de 2013-11-12 12:52:59 : 2.0f Checking against: cn=group8,ou=groups,dc=,dc=de 2013-11-12 12:52:59 : 2.0f Checking against: cn=group9,ou=groups,dc=,dc=de 2013-11-12 12:52:59 : 2.0f Found user in a group. 2013-11-12 12:52:59 : 2.0f Entering getPreferences 2013-11-12 12:52:59 : 2.0f Entering getDomain 2013-11-12 12:52:59 : 2.0f Authentication passed 2013-11-12 12:52:59 : 2.0f Entering updateUser 2013-11-12 12:52:59 : 2.0f Entering getDomain 2013-11-12 12:52:59 : 2.0f Entering getDomain 2013-11-12 12:52:59 : 2.0f User has a token, setting domain in user options. 2013-11-12 12:52:59 : 2.0f Saving user settings.