Extremely slow IdP login

Peter Gietz peter.gietz at daasi.de
Thu Aug 2 06:55:00 EDT 2012


On 02.08.2012 11:58, Peter Schober wrote:
> * Martin Haase <Martin.Haase at DAASI.de> [2012-08-02 11:38]:
>> I forgot - a command line ldapsearch from the same machine using the
>> same parameters returns promptly, so we deduce it would not be an LDAP
>> issue.
> Unless you have proof (e.g. with tcpdump) that the LDAP protocol
> messages sent in both cases are in fact the same I'd be sceptical
> of this conclusion.
> E.g. behaviour regarding chasing of referrals or dereferencing of
> aliases (if any such objects exist) will likely be different
> unless you mimic the IdP's LDAP library's behaviour exactly with
> options to the command line tools. Network and TLS behaviour might
> also be different from within the JVM as compared to native tools,
> etc.

Thanks a lot Peter for this remark, which leads me to the more general
questions:

Is the LDAP behaviour of the library used by the IdP documented so that
we can attempt such a mimicking?

Or even better: has anybody tried to do this mimicking with the OpenLDAP
ldapsearch command line tool already?

We will have a second look with tcpdump anyway to proceed in our debugging.

Cheers,

Peter




> -peter


-- 
_______________________________________________________________________

Peter Gietz (CEO)
DAASI International GmbH                   phone: +49 7071 407109-0
Europaplatz 3                              Fax:   +49 7071 407109-9
D-72072 Tübingen                           mail:  peter.gietz at daasi.de
Germany                                    Web:   www.daasi.de

DAASI International GmbH, Tübingen
Managing Director Peter Gietz, Amtsgericht Stuttgart HRB 382175

Directory Applications for Advanced Security and Information Management
_______________________________________________________________________
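
Added example, not part of the original message: one way to check whether two clients send the same LDAP search is to decode the SearchRequest from each capture and diff the fields (scope, alias dereferencing, limits). It assumes the LDAP PDU bytes were already extracted from an unencrypted capture; the two sample requests and their values are constructed and do not describe what the IdP's library actually sends.

```python
SCOPE = {0: "base", 1: "one", 2: "sub"}  # RFC 4511 SearchRequest enumerations
DEREF = {0: "never", 1: "searching", 2: "finding", 3: "always"}

def tlv(buf, pos):
    """Read one BER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def parse_search_request(pdu):
    """Decode the fixed fields of one LDAPMessage carrying a SearchRequest."""
    tag, msg, _ = tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, _msgid, pos = tlv(msg, 0)
    tag, req, _ = tlv(msg, pos)
    if tag != 0x63:  # [APPLICATION 3], constructed
        raise ValueError("protocolOp is not a SearchRequest")
    vals, pos = [], 0
    for _i in range(6):  # baseObject .. typesOnly, in protocol order
        _tag, val, pos = tlv(req, pos)
        vals.append(val)
    num = lambda b: int.from_bytes(b, "big", signed=True)
    return {"base": vals[0].decode(), "scope": SCOPE[num(vals[1])],
            "deref": DEREF[num(vals[2])], "sizeLimit": num(vals[3]),
            "timeLimit": num(vals[4]), "typesOnly": vals[5] != b"\x00",
            "filter+attrs": req[pos:].hex()}

def diff_requests(a, b):
    """Return {field: (value_in_a, value_in_b)} for every field that differs."""
    pa, pb = parse_search_request(a), parse_search_request(b)
    return {k: (pa[k], pb[k]) for k in pa if pa[k] != pb[k]}

def enc(tag, val):  # short-form BER encoder, only used to build the samples
    return bytes([tag, len(val)]) + val

def sample(deref, time_limit):  # constructed request, not a real capture
    body = (enc(0x04, b"dc=example,dc=org") + enc(0x0A, b"\x02")
            + enc(0x0A, bytes([deref])) + enc(0x02, b"\x00")
            + enc(0x02, bytes([time_limit])) + enc(0x01, b"\x00")
            + enc(0xA3, enc(0x04, b"uid") + enc(0x04, b"jdoe")) + enc(0x30, b""))
    return enc(0x30, enc(0x02, b"\x01") + enc(0x63, body))

CLI_REQ = sample(deref=0, time_limit=0)  # constructed: stands in for ldapsearch
JVM_REQ = sample(deref=3, time_limit=3)  # constructed: stands in for the IdP
```

Referral chasing is not a request field; in a capture it shows up as additional connections the client opens after the server returns a referral.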


