Extremely slow IdP login
Peter Schober
peter.schober at univie.ac.at
Thu Aug 2 05:58:07 EDT 2012
* Martin Haase <Martin.Haase at DAASI.de> [2012-08-02 11:38]:
> I forgot - a command line ldapsearch from the same machine using the
> same parameters returns promptly, so we deduce it would not be an LDAP
> issue.
Unless you have proof (e.g. with tcpdump) that the LDAP protocol
messages sent in both cases are in fact the same I'd be sceptical
of this conslusion.
E.g. behaviour regarding chasing of referrals or dereferencing of
aliases (if any such objects exists) will likely to be different
unless you mimic the IdP's LDAP library's bahaviour exactly with
options to the command line tools. Network and TLS behaviour might
also be different from within the JVM as compared to native tools,
etc.
-peter
More information about the users
mailing list