Plone 5.0.x, app.ldap, and app.form broken

The initial response time is caused by the LDAP server. If you have a large LDAP directory with thousands of users/groups, one can understand that presenting a list of them takes a long time. I remember having read about a configuration option which switches from a complete presentation (good for small user bases) to one based on a preliminary search.

The framework (Products.PluggableAuthService) provides for caching of frequent operations (looking up individual users, groups, ...). As this caching can use stale data (and thereby can cause surprises), it must be explicitly enabled. It has been a very long time since I used it, and meanwhile I have forgotten the details (look at the documentation).

Maybe your configuration is not yet optimal. I would expect that the plugin allows you to specify (via configuration) which LDAP attribute corresponds to the Plone "login name". And hopefully, there is such an attribute that does not contain the FQDN.

Otherwise, you have the advantage of using a highly customizable subframework (Products.PluggableAuthService). Usually, it is quite easy to derive new plugins from existing ones to take care of special conditions (such as a need to automatically add a "FQDN"). You then install and activate your extended plugin instead of the base one.

FYI I've added a buildout with config that makes plone.app.ldap work with Plone 5.1. It should work for 5.x, but I haven't checked that: https://github.com/plone/plone.app.ldap/issues/24