Hello all,
I've been noticing a 2000-3000ms delay in the login process due to multiple
LDAPS connections being made for any single authentication attempt. Non-SSL
LDAP logins are nearly instantaneous. Switching to the
FastBindLdapAuthenticationHandler helped some, but the delay is still near
1800ms. Watching the logs with the Java SSL debug option set, I'm timing the
login based on the following:

2013-01-29 15:04:40,694 DEBUG [org.springframework.ldap.core.support.AbstractContextSource] - <Got Ldap context on server 'ldaps://ldapserver'...
### Copious java SSL debug output from the handshakes with the DC (-Djavax.net.debug=ssl) ###
2013-01-29 15:04:42,423 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <Resolved principal fakeprincipal>

1. Is this sort of performance typical? As I mentioned previously, using
the unsecured LDAP protocol makes the login process quite fast by comparison.
2. Is there a method for utilizing the FastBindLdapAuthenticationHandler
in the context of the attributeRepository? I'm imagining that the user's
credentials could be used to bind, then search for the principal and any other
attributes, populating the attributeRepository with a single LDAPS connection.
I couldn't find anything in the docs; am I being naïve?
3. Is there some other plan of attack I should be taking for
investigating this issue? I've been reading documentation/mailing lists and
doing quite a bit of Google-ing.
Environment:
RHEL5, apache-tomcat-7.0.27, CAS 3.5.1, Active Directory (LDAPS on port 636).
I would greatly appreciate any response you might have.
Thank you,
Benjamin Mosior