Since my last setup with only LDAP runs too slow, I need to re-evaluate the Openfire configuration.
Issue:
LDAPS takes up to 10 minutes to search for users and groups (approx. 550 users, 75 groups).
Therefore each login also takes up to 10 minutes for the client user.
That’s too long. If I’m right, I read that this is a known issue.
My idea now is to pull users out of Active Directory via ldapsearch, push them into the database via a script and use either:
Database authentication (therefore I need to get the Active Directory password anyhow, even in hashed form. --> I mean that’s not possible, is it?)
or
Authenticate users in the database via Active Directory (if that’s possible, that should be the better solution)
Question: is it possible to have users in the database and match them with users in Active Directory?
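As an added illustration of the sync idea in this post (not code from the thread or from Openfire), here is a small Python script that parses the LDIF that ldapsearch prints for an AD export into user and group records and loads them into SQLite. The sample LDIF, the table names and the attribute choices are constructed for the example. It handles two LDIF details that trip up ad-hoc scripts: folded continuation lines (a line starting with one space continues the previous line) and base64-encoded `::` values. Note what is absent: Active Directory does not return password hashes to an LDAP search, so a sync like this can carry identity and group membership but never credentials; authentication still has to happen against AD.

```python
import base64
import re
import sqlite3

# Constructed sample in the shape `ldapsearch -LLL` prints for Active Directory.
# Values are made up. The "::" line shows the base64 form ldapsearch uses for
# values that are not safe ASCII; the trailing " t" line is a folded continuation.
SAMPLE_LDIF = """\
dn: CN=Jane Doe,OU=Staff,DC=example,DC=test
objectClass: user
sAMAccountName: jdoe
displayName: Jane Doe
mail: jdoe@example.test
memberOf: CN=Chat Users,OU=Groups,DC=example,DC=test
memberOf: CN=IT Support,OU=Groups,DC=example,DC=test

dn: CN=Ole Nordmann,OU=Staff,DC=example,DC=test
objectClass: user
sAMAccountName: onordmann
displayName:: T2xlIE5vcmRtYW5u
mail: onordmann@example.test
memberOf: CN=Chat Users,OU=Groups,DC=example,DC=test

dn: CN=Chat Users,OU=Groups,DC=example,DC=test
objectClass: group
sAMAccountName: chat-users
member: CN=Jane Doe,OU=Staff,DC=example,DC=test
member: CN=Ole Nordmann,OU=Staff,DC=example,DC=tes
 t
"""

LINE_RE = re.compile(r"^([^:]+)(::?)\s*(.*)$")


def parse_ldif(text):
    """Parse LDIF into a list of entries; every attribute maps to a list of values."""
    entries = []
    current = None
    # Unfold continuation lines before splitting.
    for line in re.sub(r"\n ", "", text).splitlines():
        if not line.strip():
            if current:
                entries.append(current)
                current = None
            continue
        if line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"malformed LDIF line: {line!r}")
        attr, sep, raw = m.groups()
        value = base64.b64decode(raw).decode("utf-8") if sep == "::" else raw
        if attr == "dn":
            current = {}
        elif current is None:
            raise ValueError("attribute value before any dn")
        current.setdefault(attr, []).append(value)
    if current:
        entries.append(current)
    return entries


def build_directory(entries):
    """Split parsed entries into users and groups keyed by sAMAccountName."""
    users, groups = {}, {}
    for e in entries:
        classes = e.get("objectClass", [])
        name = e.get("sAMAccountName", [None])[0]
        if not name:
            continue
        if "user" in classes:
            users[name] = {
                "dn": e["dn"][0],
                "name": e.get("displayName", [""])[0],
                "email": e.get("mail", [""])[0],
                "groups": e.get("memberOf", []),
            }
        elif "group" in classes:
            groups[name] = {"dn": e["dn"][0], "members": e.get("member", [])}
    return users, groups


def load_into_sqlite(users, groups):
    """Load the records into an in-memory SQLite DB (hypothetical table names).
    There is deliberately no password column: AD never exposes one."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE directory_user (username TEXT PRIMARY KEY, dn TEXT, name TEXT, email TEXT);
        CREATE TABLE directory_group (groupname TEXT PRIMARY KEY, dn TEXT);
        CREATE TABLE directory_membership (groupname TEXT, username TEXT);
    """)
    conn.executemany("INSERT INTO directory_user VALUES (?,?,?,?)",
                     [(u, d["dn"], d["name"], d["email"]) for u, d in users.items()])
    conn.executemany("INSERT INTO directory_group VALUES (?,?)",
                     [(g, d["dn"]) for g, d in groups.items()])
    # Resolve member DNs back to usernames; unknown DNs (e.g. nested groups) are skipped.
    dn_to_user = {d["dn"]: u for u, d in users.items()}
    rows = [(g, dn_to_user[m]) for g, d in groups.items()
            for m in d["members"] if m in dn_to_user]
    conn.executemany("INSERT INTO directory_membership VALUES (?,?)", rows)
    conn.commit()
    return conn


if __name__ == "__main__":
    u, g = build_directory(parse_ldif(SAMPLE_LDIF))
    db = load_into_sqlite(u, g)
    for row in db.execute("SELECT groupname, username FROM directory_membership"):
        print(row)
```

In practice the input would come from something like `ldapsearch -LLL -H ldaps://... "(|(objectClass=user)(objectClass=group))" sAMAccountName displayName mail memberOf member objectClass`, piped into the parser; the SQLite part stands in for whatever database the sync targets.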
How much faster compared to when using LDAPS? I agree that LDAPS is more secure and should be used… but this will help with the troubleshooting.
For example… as you stated, with LDAPS it would take 10 mins. If it takes 1 without SSL, then there is likely an issue with pool connections not working correctly.
LDAP is much faster, takes up to 10 sec. LDAPS used to take 2 - 4 minutes.
Unfortunately LDAP is no option for us. The security department doesn’t allow such an implementation and I can understand. Plaintext passwords are quite insecure.
Yep… that would do it. If I remember the code correctly, I think connection pooling is disabled when using TLS, but I’m not sure as to why. I’m sure there is a reason though!