On Mon, 13 May 2002, John wrote: > Ok, I now have timestamping, and see where I believe the delay to be. > > The entire request and group lookups occur within two seconds time, > the tail of of 09:53:38 and throughout 09:53:39. > > It verifies the username/password, does group lookups, and then after > it determines the group, it appears (to my eyes at least) to then > attempt to verify the username/password again. This second attempt > takes around two seconds all by itself. > > Mon May 13 09:53:39 2002 : Debug: rlm_ldap: waiting for bind result ... > Mon May 13 09:53:41 2002 : Debug: rlm_ldap: user username authenticated > succesf > ully
The module will not verify the user in the authorization section; that's for the authentication section. It seems that the BIND request will take around 2 seconds. You should check your ldap server and see what happens. I don't think that it is the module causing the delay. Are you using SSL in the ldap module? That should explain the delay since the module will first try to establish an ssl connection before initiating the bind request. Since you are extracting the user password in the authorization section you could use the pap module in the authenticate section instead of ldap and avoid sending the bind request in the first place. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
