
JNDI/LDAP SSL and performance.

 
Greenhorn
Posts: 1
Hi there,
We are building a custom authentication module; the module is very simple; it just binds to the directory using the credentials passed to the module and afterwards does some searches to retrieve the user's groups.
We are getting not-so-good performance: about 200 ms plain-text and 8000 using SSL; we have traced the network and no packet is exchanged until 5000 ms has passed. We suppose it is about random number generation, but we are not sure if there is an easy way to solve it. Our applications are for an intranet.
Another matter is that we are trying to reuse the connection to do several bindings over it; when using no encryption it works fine, but when using SSL we get a javax.naming.CommunicationException: Request: 1cancelled; it seems the channel is being closed underneath... Could there be a way to reuse-pool the SSL connections so we avoid these delays? 8 seconds per login seems a little too much.
Many thanks for your help. Best regards.
 
Ranch Hand
Posts: 1879
I have written the same program to a Novell eDirectory server. 8 seconds is lightning fast compared to my 45 second time. 44 and 3/4 seconds is spent generating a random seed for the SSL LDAPConnection. Nothing you can do in your code to speed this up. I've been in contact with Novell, and authors on this subject. Everyone has told me "That's just the way it is".
Some things that have shaved my login times to about 12 seconds from 45 were:
1. I upgraded from Windows 98 to XP (seemed to have the biggest impact).
2. I upgraded from SDK 1.3.1 to 1.4 (also easier to manage classpaths, as all the security packages are incorporated into SDK 1.4 instead of 3 additional jar files).
3. Use a connection pool if you can (just like a database connection pool). You can have the anonymous connections already created and waiting on the server. You can just scoop one up from the server and bind/authenticate the user. The binding time is trivial compared to making the connection.
Jamie
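
The connection-pool suggestion in point 3, shown with the JNDI LDAP provider's built-in pool over `ldaps://` (an added example, not code from any poster in this thread). The host, base DN, service account, and the `uid` and `memberOf` attribute names are assumptions; group attribute names differ between directories.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

public class PooledLdapsLogin {
    static final String URL = "ldaps://ldap.example.com:636"; // assumed placeholder host
    static final String BASE = "dc=example,dc=com";           // assumed placeholder base DN
    static {
        // JVM-wide pool settings; set them before the first LDAP context is created.
        // The default protocol list is "plain", so ldaps:// connections are not pooled without "ssl".
        System.setProperty("com.sun.jndi.ldap.connect.pool.protocol", "plain ssl");
        System.setProperty("com.sun.jndi.ldap.connect.pool.timeout", "300000"); // close idle connections after 5 min
    }

    static Hashtable<String, Object> env(String dn, String password, boolean pooled) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put("com.sun.jndi.ldap.connect.pool", String.valueOf(pooled));
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return env;
    }

    /** Returns the user's group DNs; throws NamingException if the user is unknown or the bind fails. */
    static List<String> login(String svcDn, String svcPw, String uid, String userPw) throws NamingException {
        // A simple bind with an empty password is an unauthenticated bind that many servers accept.
        if (userPw == null || userPw.isEmpty()) throw new AuthenticationException("empty password");
        DirContext svc = new InitialDirContext(env(svcDn, svcPw, true)); // taken from the pool when one is idle
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] {"memberOf"});
            // {0} is filled from filterArgs with filter metacharacters escaped, so uid cannot alter the filter.
            NamingEnumeration<SearchResult> hits = svc.search(BASE, "(uid={0})", new Object[] {uid}, sc);
            if (!hits.hasMore()) throw new AuthenticationException("unknown user");
            SearchResult user = hits.next();
            hits.close();
            // Password check: bind as the user. Unpooled, because the pool keeps connections per bind identity.
            new InitialDirContext(env(user.getNameInNamespace(), userPw, false)).close();
            List<String> groups = new ArrayList<>();
            Attribute memberOf = user.getAttributes().get("memberOf");
            if (memberOf != null)
                for (NamingEnumeration<?> e = memberOf.getAll(); e.hasMore();) groups.add(String.valueOf(e.next()));
            return groups;
        } finally {
            svc.close(); // hands the connection back to the pool instead of closing the socket
        }
    }
}
```

Only the service-account connection used for the searches is pooled here; each password check still opens its own TLS connection.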
 
Ranch Hand
Posts: 70
Could anyone tell me the steps for the eDirectory/LDAP SSL implementation? I am facing the issue.
 
Ranch Hand
Posts: 54
This post is over 5 years old, I see that, but I am also interested in learning how to connect to Active Directory using LDAP.

I want to do the same thing:

log in to our product using user credentials supplied by the AD, then from that, find the groups of that user to define permissions.

If you find anything out, please let me know.

Thanks.
 