Thread:Extension talk:LDAP Authentication/LDAP Authentication + Apache2 High CPU Usage

Good night folks,

We have an Apache with the following settings:  StartServers       256 MinSpareServers     62 MaxSpareServers    256 ServerLimit        350 MaxClients         350 MaxRequestsPerChild 0  Server version: Apache/2.2.3 Server built:  Nov 12 2009 18:43:41 Server's Module Magic Number: 20051115:3 Server loaded: APR 1.2.7, APR-Util 1.2.7 Compiled using: APR 1.2.7, APR-Util 1.2.7 Architecture:  64-bit Server MPM:    Prefork threaded:    no    forked:     yes (variable process count) Server compiled with.... -D APACHE_MPM_DIR="server/mpm/prefork" -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_SYSVSEM_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=128 -D HTTPD_ROOT="/etc/httpd" -D SUEXEC_BIN="/usr/sbin/suexec" -D DEFAULT_PIDLOG="logs/httpd.pid" -D DEFAULT_SCOREBOARD="logs/apache_runtime_status" -D DEFAULT_LOCKFILE="logs/accept.lock" -D DEFAULT_ERRORLOG="logs/error_log" -D AP_TYPES_CONFIG_FILE="conf/mime.types" -D SERVER_CONFIG_FILE="conf/httpd.conf" Loaded Modules: core_module (static) mpm_prefork_module (static) http_module (static) so_module (static) auth_basic_module (shared) auth_digest_module (shared) authn_file_module (shared) authn_alias_module (shared) authn_anon_module (shared) authn_default_module (shared) authz_host_module (shared) authz_user_module (shared) authz_owner_module (shared) authz_groupfile_module (shared) authz_default_module (shared) include_module (shared) log_config_module (shared) logio_module (shared) env_module (shared) ext_filter_module (shared) mime_magic_module (shared) expires_module (shared) deflate_module (shared) headers_module (shared) usertrack_module (shared) setenvif_module (shared) mime_module (shared) status_module (shared) autoindex_module (shared) info_module (shared) vhost_alias_module (shared) negotiation_module (shared) dir_module (shared) actions_module (shared) speling_module (shared) userdir_module (shared) alias_module (shared) rewrite_module (shared) cache_module (shared) suexec_module (shared) disk_cache_module (shared) file_cache_module (shared) mem_cache_module (shared) cgi_module (shared) version_module (shared) fcgid_module (shared) perl_module (shared) php5_module (shared) Syntax OK At certain times 300 employees simultaneously access our internal mediawiki authenticating to Active Directory using LDAP Authentication Extension.
 * 1) apachectl -V
 * 1) apachectl -M

This time the CPU utilization is very high. CPU    %user     %nice   %system   %iowait    %steal     %idle 03:10:02 PM      all     99.43      0.00      0.50      0.00      0.00      0.07 03:20:03 PM      all     97.63      0.00      0.48      0.00      0.00      1.89 03:30:02 PM      all     98.46      0.00      0.50      0.00      0.00      1.04 03:40:04 PM      all     97.42      0.00      2.58      0.00      0.00      0.00 After this time the CPU utilization decreased significantly. CPU    %user     %nice   %system   %iowait    %steal     %idle 05:50:01 PM      all      8.97      0.00      0.06      0.00      0.00     90.97 06:00:01 PM      all      7.16      0.00      0.04      0.00      0.00     92.79 06:10:01 PM      all      5.13      0.00      0.03      0.00      0.00     94.83 06:20:01 PM      all     18.69      0.00      0.11      0.00      0.00     81.20 06:30:01 PM      all     17.72      0.00      0.09      0.00      0.00     82.18 06:40:01 PM      all     35.12      0.00      0.19      0.00      0.00     64.69 We realized that if we use: $wgGroupPermissions['user' ]['read']           = false; Allowing the User to access the content of mediawiki without authentication, does not occur the high CPU utilization.

This is the configuration of LocalSettings.php require_once 'LdapAuthentication.php'; $wgAuth = new LdapAuthenticationPlugin; $wgLDAPDomainNames = array( 'DOMAIN'); $wgLDAPServerNames = array( 'DOMAIN' => 'myad2.DOMAIN myad1.DOMAIN'); $wgLDAPSearchStrings = array( "DOMAIN"=>"USER-NAME@DOMAIN" ); $wgLDAPSearchAttributes = array( "DOMAIN"=>"sAMAccountName", "DOMAIN"=>"uid"); $wgLDAPEncryptionType = array( 'DOMAIN' => 'clear'); $wgLDAPRetrievePrefs = false; $wgLDAPUseLocal = false; $wgMinimalPasswordLength = 1; Could you help us.
 * 1) $wgLDAPBaseDNs = array( "DOMAIN"=>"DC=domain,DC=com" );

We would like to require the employee to log in to access the content, but by controlling the CPU usage of apache.

Thank you in advance

James Gava