Extremely slow IdP login

Martin Haase Martin.Haase at DAASI.de
Thu Aug 2 07:04:38 EDT 2012


Hi Chad,
it was the same host where both the IdP and ldapsearch ran. And I just
verified an ldapsearch as user tomcat6, and it returns quickly as well.
Further ideas?
Regards,
Martin

On 02.08.2012 12:42, Chad La Joie wrote:
> In addition, there is also the potential difference in load if
> ldapsearch is run on a different host and OS-level resource
> restrictions (e.g., max number of open file handlers) if run under
> different users.
>
> The issue is almost certainly your LDAP server.
>
> On Thu, Aug 2, 2012 at 5:58 AM, Peter Schober
> <peter.schober at univie.ac.at> wrote:
>> * Martin Haase <Martin.Haase at DAASI.de> [2012-08-02 11:38]:
>>> I forgot - a command line ldapsearch from the same machine using the
>>> same parameters returns promptly, so we deduce it would not be an LDAP
>>> issue.
>> Unless you have proof (e.g. with tcpdump) that the LDAP protocol
>> messages sent in both cases are in fact the same I'd be sceptical
>> of this conclusion.
>> E.g. behaviour regarding chasing of referrals or dereferencing of
>> aliases (if any such objects exist) will likely be different
>> unless you mimic the IdP's LDAP library's behaviour exactly with
>> options to the command line tools. Network and TLS behaviour might
>> also be different from within the JVM as compared to native tools,
>> etc.
>> -peter

-- 
-----------------------------------------------------------------------
Dr. Martin Haase
DAASI International GmbH                   phone:     +49 7071 407109-6
Europaplatz 3                              Fax  :     +49 7071 407109-9
D-72072 Tübingen                           email: Martin.Haase at DAASI.de
Germany                                    Web  :   http://www.daasi.de

Directory Applications for Advanced Security and Information Management
-----------------------------------------------------------------------

