Which version of java?
From: Mosior, Benjamin [mailto:[email protected]] Sent: Tuesday, January 29, 2013 5:39 PM To: [email protected] Subject: [cas-user] Mitigating Possible SSL/LDAP Overhead: FastBindLdapAuthenticationHandler and the AttributeRepository? Hello all, I've been noticing a 2000-3000ms delay in the login process due to multiple LDAPS connections being made for any single authentication attempt. Non-SSL LDAP logins are nearly instantaneous. Switching to the FastBindLdapAuthenticationHandler helped some, but the delay is still near 1800ms. Watching the logs with the java SSL debug option set, I'm timing the login based on the following: 2013-01-29 15:04:40,694 DEBUG [org.springframework.ldap.core.support.AbstractContextSource] - <Got Ldap context on server 'ldaps://ldapserver'... ### Copious java SSL debug output from the handshakes with the DC (-Djavax.net.debug=ssl) ### 2013-01-29 15:04:42,423 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <Resolved principal fakeprincipal> 1. Is this sort of performance typical? As I mentioned previously, using the unsecured LDAP protocol makes the login process quite fast by comparison. 2. Is there a method for utilizing the FastBindLdapAuthenticationHandler in the context of the attributeRepository? I'm imagining that the users credentials could be used to bind, then search for the principal and any other attributes, populating the attributeRepository with a single LDAPS connection. I couldn't find anything in the docs; am I being naïve? 3. Is there some other plan of attack I should be taking for investigating this issue? I've been reading documentation/mailing lists and doing quite a bit of Google-ing. Environment: RHEL5, apache-tomcat-7.0.27, CAS 3.5.1, Active Directory (LDAPS on port 636). I would greatly appreciate any response you might have. Thank you, Benjamin Mosior -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
