Extremely slow IdP login

Chad La Joie lajoie at itumi.biz
Thu Aug 2 06:42:55 EDT 2012

In addition, there is also the potential difference in load if
ldapsearch is run on a different host and OS-level resource
restrictions (e.g., max number of open file handlers) if run under
different users.

The issue is almost certainly your LDAP server.

On Thu, Aug 2, 2012 at 5:58 AM, Peter Schober
<peter.schober at univie.ac.at> wrote:
> * Martin Haase <Martin.Haase at DAASI.de> [2012-08-02 11:38]:
>> I forgot - a command line ldapsearch from the same machine using the
>> same parameters returns promptly, so we deduce it would not be an LDAP
>> issue.
> Unless you have proof (e.g. with tcpdump) that the LDAP protocol
> messages sent in both cases are in fact the same I'd be sceptical
> of this conslusion.
> E.g. behaviour regarding chasing of referrals or dereferencing of
> aliases (if any such objects exists) will likely to be different
> unless you mimic the IdP's LDAP library's bahaviour exactly with
> options to the command line tools. Network and TLS behaviour might
> also be different from within the JVM as compared to native tools,
> etc.
> -peter
> --
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

Chad La Joie
trusted identities, delivered

More information about the users mailing list