| From: | C GG <cgg0007(at)gmail(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | LDAP authentication slow |
| Date: | 2018-05-29 14:09:47 |
| Message-ID: | CAJXW-z-K1h_2icOgdOaQZzX0d3dz-SQeLxHMi2EFP7Egy0q03Q@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
This is PostgreSQL 9.5 -- We just enabled LDAP(S) authentication (to an
Active Directory server) for a certain grouping of users
pg_hba.conf
#...
hostssl all +ldap_group 0.0.0.0/0 ldap ldaptls="1" ldapserver="....
hostssl all all 0.0.0.0/0 md5
#...
I'm getting complaints from the users authenticating using ldap that
database operations are taking quite a bit longer than they were previously
when they were authenticating with MD5 stored passwords. Clearly, there's
more machinery at work with that kind of operation, but the increase in
time is way more that I would have estimated.
I still want them to be able to type in a password, so GSSAPI is out for an
alternative (right?) ... Is there something I can do to help speed things
up? If there any telemetry that I can generate (logs, stats, etc.) which
might be able to pinpoint a bottleneck?
Thanks all,
CG
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Brian Dunavant | 2018-05-29 14:26:42 | Re: existence of a savepoint? |
| Previous Message | Melvin Davidson | 2018-05-29 13:59:40 | Re: How to drop a value from an ENUM? |