Extremely slow IdP login
peter.gietz at daasi.de
Thu Aug 2 06:55:00 EDT 2012
Am 02.08.2012 11:58, schrieb Peter Schober:
> * Martin Haase <Martin.Haase at DAASI.de> [2012-08-02 11:38]:
>> I forgot - a command line ldapsearch from the same machine using the
>> same parameters returns promptly, so we deduce it would not be an LDAP
> Unless you have proof (e.g. with tcpdump) that the LDAP protocol
> messages sent in both cases are in fact the same I'd be sceptical
> of this conslusion.
> E.g. behaviour regarding chasing of referrals or dereferencing of
> aliases (if any such objects exists) will likely to be different
> unless you mimic the IdP's LDAP library's bahaviour exactly with
> options to the command line tools. Network and TLS behaviour might
> also be different from within the JVM as compared to native tools,
Thanks a lot Peter for this remark, which leads me to the more general
Is the LDAP behaviour of the library used by the IdP documented so that
we can attempt such a mimicking?
Or even better: has anybody tried to do this mimicking with OpenLDAP
ldapsearch command line tool already?
We will have a second look with TCPdump anyway to proceed in our debugging.
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
Peter Gietz (CEO)
DAASI International GmbH phone: +49 7071 407109-0
Europaplatz 3 Fax: +49 7071 407109-9
D-72072 Tübingen mail: peter.gietz at daasi.de
Germany Web: www.daasi.de
DAASI International GmbH, Tübingen
Geschäftsführer Peter Gietz, Amtsgericht Stuttgart HRB 382175
Directory Applications for Advanced Security and Information Management
More information about the users