Secure LDAP connection

 
Ranch Hand
Posts: 1879
I have written a security check (LDAP login) that uses Novell's jldap implementation to an e-directory server. When I create an SSL LDAPConnection, it takes over 45 seconds to complete the connection and bind to the server. I hear that the time is used to generate a random seed to connect to the server. Is there any way to reduce the time for creating a secure connection to a Novell e-directory server?
The users are using a standard image of Windows 98 and jdk 1.3 with the javax.security package (even though upgrading to Windows XP and jdk 1.4 reduces the time, because we use a standard image it is not possible).
Note: Connection pooling is not an option either because it is a stand-alone application.
Thanks,
Jamie
 
Author
Posts: 27
I wish there was a positive answer.
Even with JSSE and JNDI performance is horrible when creating new connections. One thing that I've liked about some recent versions of servers and at least the latest JNDI in Java 1.4.1 (not sure if JLDAP has it yet) is the StartTLS operation. This at least offers the option of only upgrading the session to SSL when it is really needed.
Clayton
 
"The Hood"
Posts: 8521

Originally posted by Clayton Donley:
This at least offers the option of only upgrading the session to SSL when it is really needed.


So what is it that exactly HAPPENS when you upgrade the session to SSL?
 
Clayton Donley
Author
Posts: 27
When you upgrade the connection it creates an SSL tunnel on top of the plain socket and puts all subsequent operations inside that tunnel. However, you will get the performance hit mentioned above at the time when the connection is upgraded, so this is only REALLY useful if much of what you are transferring can be passed in the clear and only some connections must be secure. This allows the client to select the level of security it wants to use, potentially avoiding some SSL overhead. In fact, some newer access control systems in the directory servers themselves allow you to set access controls based on the session's security in addition to typical user, group, and similar criteria.
Clayton
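
The StartTLS upgrade discussed in this thread, sketched with the standard JNDI classes in `javax.naming.ldap` as an added example that is not part of the original posts or of JLDAP. The class and method names, the command-line arguments and the use of generics (a newer JDK than the ones in the thread) are assumptions; the point it shows is that the simple bind is sent only after `negotiate()` has completed, so the password never crosses the plain socket.

```java
import java.io.IOException;
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;

public class StartTlsLogin {  // hypothetical class name

    /** Returns true if userDn/password bind successfully inside a StartTLS session. */
    static boolean login(String url, String userDn, char[] password)
            throws NamingException, IOException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);  // plain ldap:// URL, not ldaps://
        // No credentials yet: the initial connection is anonymous and in the clear.
        LdapContext ctx = new InitialLdapContext(env, null);
        StartTlsResponse tls = null;
        try {
            // Upgrade the existing socket; the handshake cost is paid here.
            tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            tls.negotiate();  // default socket factory, server hostname is checked
            // Credentials are added only now, so the bind travels inside the tunnel.
            ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION, "simple");
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDn);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
            ctx.reconnect(null);  // re-bind with the new credentials
            return true;
        } catch (AuthenticationException e) {
            return false;         // wrong DN or password
        } finally {
            if (tls != null) {
                tls.close();      // end the TLS session before closing the context
            }
            ctx.close();
        }
    }

    public static void main(String[] args) throws Exception {
        // Usage (placeholder values): java StartTlsLogin ldap://ldap.example.com:389 cn=jamie,o=example
        char[] pw = System.console().readPassword("Password: ");
        System.out.println(login(args[0], args[1], pw) ? "bind ok" : "bind failed");
    }
}
```

If `negotiate()` throws, the method exits without ever adding the credentials to the context, which is the behaviour a login check wants: a failed upgrade must not fall back to a cleartext bind.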