- Bug
- Resolution: Fixed
- Medium
- 5.4.3, 5.5.3, 5.6
- 12
- Severity 2 - Major
LDAP connections over SSL are not pooled, so each operation opens a new TCP connection and performs a new SSL negotiation. This significantly increases the time taken for operations like synchronization. It can also cause sluggish login times.
Workaround for improving the synchronization time:
Although this is not a workaround for the connection pooling problem itself, the following might improve the synchronization time:
- Edit the LDAP directory:
  - For 'Use the User Membership Attribute', under Membership Schema Settings:
    - Uncheck 'When finding the members of a group';
    - Check 'When finding the user’s group membership'.
- Synchronize the directory.
Workaround for improving the login time:
The following can be added to force the JVM to pool SSL connections. Add the following line to the setenv.sh file (setenv.bat on Windows) in your Apache Tomcat /bin directory. Revert the change if you encounter any start-up issues or if login times do not improve.
On Linux:
JAVA_OPTS="$JAVA_OPTS -Dcom.sun.jndi.ldap.connect.pool.protocol='plain ssl' -Dcom.sun.jndi.ldap.connect.pool.authentication='none simple DIGEST-MD5'"
On Windows:
set JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.jndi.ldap.connect.pool.protocol="plain ssl" -Dcom.sun.jndi.ldap.connect.pool.authentication="none simple DIGEST-MD5"
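To confirm on Linux that the running JVM actually received both properties, the following check reads the process arguments one per line and reports whether `ssl` is in the pooled protocol list. This is an added example, not part of the original issue; the function names, the `/proc` usage and the sample argument lists are assumptions constructed for illustration.

```shell
#!/bin/sh
# Usage on a live host (assumes Linux /proc; <pid> is the Tomcat JVM's pid):
#   tr '\0' '\n' < /proc/<pid>/cmdline | check_ldaps_pooling
PROTO_KEY='-Dcom.sun.jndi.ldap.connect.pool.protocol='
AUTH_KEY='-Dcom.sun.jndi.ldap.connect.pool.authentication='

# stdin: JVM argv, one argument per line.
# Prints the value of the last argument starting with prefix $1, or nothing.
jvm_prop() {
    awk -v k="$1" 'index($0, k) == 1 { v = substr($0, length(k) + 1); found = 1 }
                   END { if (found) print v }'
}

# Verdicts (printed, and mirrored in the exit status):
#   ok           (0) "ssl" is one of the pooled protocols
#   not-pooled   (1) property missing or without "ssl"; JNDI then pools "plain" only
#   bad-quoting  (2) a quote character reached the JVM, i.e. the launcher expanded
#                    JAVA_OPTS without re-parsing the quotes and split the value
check_ldaps_pooling() {
    argv=$(cat)
    proto=$(printf '%s\n' "$argv" | jvm_prop "$PROTO_KEY")
    auth=$(printf '%s\n' "$argv" | jvm_prop "$AUTH_KEY")
    case "$proto$auth" in
        *\'*|*\"*) echo "bad-quoting"; return 2 ;;
    esac
    case " $proto " in
        *" ssl "*) echo "ok"; return 0 ;;
    esac
    echo "not-pooled"; return 1
}

# Constructed sample argument lists (not captured from a real system).
SAMPLE_GOOD='/usr/bin/java
-Dcom.sun.jndi.ldap.connect.pool.protocol=plain ssl
-Dcom.sun.jndi.ldap.connect.pool.authentication=none simple DIGEST-MD5
org.apache.catalina.startup.Bootstrap'

SAMPLE_SPLIT="/usr/bin/java
-Dcom.sun.jndi.ldap.connect.pool.protocol='plain
ssl'
org.apache.catalina.startup.Bootstrap"

SAMPLE_DEFAULT='/usr/bin/java
org.apache.catalina.startup.Bootstrap'

printf '%s\n' "$SAMPLE_GOOD" | check_ldaps_pooling || true
printf '%s\n' "$SAMPLE_SPLIT" | check_ldaps_pooling || true
printf '%s\n' "$SAMPLE_DEFAULT" | check_ldaps_pooling || true
```

A `bad-quoting` or `not-pooled` verdict after the restart means LDAPS connections are still being opened per operation, which matches the "login times do not improve" case above.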
- is cloned from: CWD-4070 Pool SSL LDAP connections (Closed)
- relates to: CONFSERVER-35760 Provide an option to ignore group membership update during authentication for CONNECTOR (Closed)