Hi,
We are evaluating Openfire, and I have to say: it’s a wonderful product.
There is just one little thing annoying us (and preventing us to start massive use).
The problem is that searching for people is very fast when Openfire is NOT configured to use SSL in the LDAP section of “openfire.xml” (we are connecting to an Active Directory server with around 3.000 users).
But, when SSL is enabled, search results are VERY slow (its not a client problem, since the searches are slow even when made through the OPenfire admin console).
Connection pooling is also enabled but it seems that this option has NO effect when SSL is active.
This is part of our configuration file:
true
true
false
We tried to put the following JAVA options in our “openfire-service.vmoptions” file without success:
-Dcom.sun.jndi.ldap.connect.pool=true
-Dcom.sun.jndi.ldap.connect.pool.protocol=“plain ssl”
This is a HUGE problem to us, because we are not allowed to access the LDAP server in production environment without SSL enabled, since user passwords would cross the intranet in plain text during authentication phase.
(By the way, we could remediate the situation if we could access LDAP server with SSL enabled only for user authentication. We don’t have to use SSL for searches).
Thanks for any help.