Is LDAP connection pooling active when SSL enabled?

Hi,

We are evaluating Openfire, and I have to say: it’s a wonderful product.

There is just one little thing annoying us (and preventing us from starting massive use).

The problem is that searching for people is very fast when Openfire is NOT configured to use SSL in the LDAP section of “openfire.xml” (we are connecting to an Active Directory server with around 3.000 users).

But, when SSL is enabled, search results are VERY slow (it's not a client problem, since the searches are slow even when made through the Openfire admin console).

Connection pooling is also enabled but it seems that this option has NO effect when SSL is active.

This is part of our configuration file:

true
true
false

We tried to put the following JAVA options in our “openfire-service.vmoptions” file without success:

-Dcom.sun.jndi.ldap.connect.pool=true
-Dcom.sun.jndi.ldap.connect.pool.protocol="plain ssl"

This is a HUGE problem for us, because we are not allowed to access the LDAP server in the production environment without SSL enabled, since user passwords would cross the intranet in plain text during the authentication phase.
(By the way, we could remediate the situation if we could access the LDAP server with SSL enabled only for user authentication. We don’t have to use SSL for searches).

Thanks for any help.

I forgot to say that slow searches have enormous impact on usability.

Besides, very frequently, searches DON’T return users that EXIST in the directory (in Spark, a dialog says: “No search results were returned by the server”). This can lead to no confidence in the product.

On the client side, we tried to increment the “timeout” field in “spark.properties”, but the problem persists even when the timeout is set to very high values.

The only way to have satisfactory performance in searches is disabling the SSL feature of LDAP connections in “openfire.xml” (something we can’t do, as previously explained).