Re: LDAP authentication slow

From: C GG <cgg0007(at)gmail(dot)com>
To: Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>
Cc: Stephen Frost <sfrost(at)snowman(dot)net>, pgsql-general(at)postgresql(dot)org
Subject: Re: LDAP authentication slow
Date: 2018-05-30 22:10:24
Message-ID: CAJXW-z87n1JhivhZnRS1x138=xB7_kLv=aN8zWLbA4VG=ryrGg@mail.gmail.com
Lists: pgsql-general

On Wed, May 30, 2018 at 5:43 PM, Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>
wrote:

> On 05/30/2018 01:41 PM, C GG wrote:
>
>> Please let me be clear, this is not a question about whether or not to use
>> passwords. This is a question of how to determine the cause of and remedy a
>> slowdown retrieving data from PostgreSQL when using LDAP(S) to authenticate
>> PostgreSQL users. One of the sideline questions would be how to achieve the
>> same effect by using a different scheme. I should further clarify that a
>> major requirement would be that the scheme would need to work in our
>> current environment without having to re-engineer the client applications.
>> That would entail the need to pass a username and password as we have
>> traditionally done.
>>
>> Any friendly assistance with LDAP(S) to that end is welcome.
>>
>
> Have been following this thread and have not answered previously as
> LDAP/AD is not something I really know about. Still strikes me as similar
> to another LDAP thread:
>
> https://www.postgresql.org/message-id/CAKeZVDov%2Bj2ZfUuSXNN-98_Nn_kAXr2e7UmKHhFNODHuEnUwUg%40mail.gmail.com
>
> In that post the OP found that supplying an IP address instead of a host
> name sped up the process.
>
> Have you tried that?
>
> It may not be a permanent solution, but it might help identify where the
> problem is.
>
That was a good suggestion. I can't get LDAPS to work with an IP address
because it fails the TLS check. I don't see an option to ignore hostname
checks for LDAPS, but I have a different idea...

I will try putting the hostname and IP in the hosts file to avoid the DNS
lookup. I should know something by tomorrow if that made a difference.
Thanks for the lead!

>
> --
> Adrian Klaver
> adrian(dot)klaver(at)aklaver(dot)com
>
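
The following is an added example, not part of the original message or of PostgreSQL: it times name resolution, TCP connect and TLS handshake separately for an LDAPS endpoint, so a slow lookup shows up as its own figure, and it connects to the resolved address while still verifying the certificate against the host name. The function names are assumptions of this example; 636 is the standard LDAPS port.

```python
import socket
import ssl
import sys
import time

def _resolve(host, port):
    # Name lookup (DNS, or the hosts file if the name is listed there).
    return socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4][0]

def _connect(addr, port, timeout):
    return socket.create_connection((addr, port), timeout=timeout)

def _handshake(sock, host):
    # Connected by address, but the certificate is checked against the name.
    ctx = ssl.create_default_context()
    return ctx.wrap_socket(sock, server_hostname=host)

def time_ldaps_phases(host, port=636, timeout=10.0,
                      resolve=_resolve, connect=_connect, handshake=_handshake):
    """Return seconds spent in each phase: resolve, connect, tls."""
    timings = {}
    start = time.perf_counter()
    addr = resolve(host, port)
    timings["resolve"] = time.perf_counter() - start

    start = time.perf_counter()
    sock = connect(addr, port, timeout)
    timings["connect"] = time.perf_counter() - start
    try:
        start = time.perf_counter()
        tls = handshake(sock, host)
        timings["tls"] = time.perf_counter() - start
        tls.close()
    finally:
        sock.close()
    return timings

def slowest_phase(timings):
    return max(timings, key=timings.get)

if __name__ == "__main__":
    # Usage: python ldaps_timing.py <ldap-host-name>
    result = time_ldaps_phases(sys.argv[1])
    for phase, seconds in result.items():
        print(f"{phase:8s} {seconds:.3f}s")
    print("slowest:", slowest_phase(result))
```

Running it on the database server before and after adding the hosts-file entry shows whether the resolve figure accounts for the delay.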
