I have an Openfire instance running 3.7.0 connected to AD via port 389. Works fine, the user page comes back pretty much instantly after service recycle. I changed the ldap.port to 636 and ldap.sslEnabled to true to test ssl. The user list page takes >1min to load (about 500 users are valid from our 2500 user AD environment). tcpdump shows it using 636, but I see the source port incrementing rapidly - Seems as if Openfire is opening a new connection for each user lookup, or at least not pooling connections properly.
When I switch it back to 389/non-SSL and cycle, it works fine - User list page loads quickly and logins are quick also.
Is anyone else using AD with LDAP & SSL with similar performance to non-SSL?