Performance problems with pas.plugins.ldap on Plone 5.2

Hi, I installed and successfully configured pas.plugins.ldap (pasldap) on a plone 5.2 running on python 3.7.3. On the documentation it is recommended to use memcached to speed up ldap queries, so I installed the system version of memcached (on Debian 10) with apt and I did not change the default configuration, so memcached runs with:

memcached -m 64 -p 11211 -u memcache -l ...

After that I enabled caching on the pasldap configuration page inside plone controlpanel and set memcached server ip:port to

After this on every request i make (e.g. add a Folder), plone does three ldap queries with the filter (cn=*) which basically means it fetch all the ldap users (in my case 10-12K). The query takes several seconds and as I said it is repeated three times. So the entire request to get the folder creation form takes about 30 seconds.

I expected that only the first query hit the ldap sever and that the subsequent ones would have been cached by memcached, but it seems not to be the case.

The issue was reported a couple of years ago:

but this is marked as solved with version 1.0b1 of node.ext.ldap (

What am I doing wrong? Do I miss some memcached or pasldap configuration?


1 Like

Did you enable the caching for PAS in the ZMI as well? This will speed up things tremendously.

To do so, go to and select the RAMCache.

telnet to your memcached, type stats and check hits and misses. What do you get after a couple of clicks through your site?

My 5 cent. Open YOURSITE/@@usergroup-controlpanel page, tab settings and check the "many users" option, this would probably avoid the "all users" query made by the vocabulary of 'creator' and 'contributors' fields .
The other suggestions are still useful to check.

Thank you all for your suggestions! :+1:
I tried all of them, but in my case the thing that helped the most was to enable the "many users" option as @mamico suggested. This actually prevented the slow (cn=*) ldap query from being executed.

I will indeed keep memcached active to limit the queries to the LDAP server.

Thank you all again for your help!