JNDI/LDAP SSL and performance.

 
Greenhorn
Posts: 1
Hi there,
We are building a custom authentication module; the module is very simple; it just binds to the directory using the credentials passed to the module and afterwards does some searches to retrieve the user's groups.
We are getting a not-so-good performance; about 200 ms plain-text and 8000 using SSL; we have traced the network and no packet is exchanged until 5000 ms has passed. We suppose it goes about random number generation, but we are not good if there is an easy way to solve it. Our applications are for an intranet.
Another matter is we are trying to reuse the connection to do several bindings over it; when using no encryption it works fine, but when using SSL we get a javax.naming.CommunicationException: Request: 1cancelled; it seems the channel is being closed underneath... Could there be a way to reuse-pool the SSL connections so we avoid these delays... 8 seconds per login seems a little too much.
Many thanks for your help. Best regards.
 
Ranch Hand
Posts: 1879
I have written the same program to a Novell eDirectory server. 8 seconds is lightning fast compared to my 45 second time. 44 and 3/4 seconds is spent generating a random seed for the SSL LDAPConnection. Nothing you can do in your code to speed this up. I've been in contact with Novell, and authors on this subject. Everyone has told me "That's just the way it is".
Some things that have shaved my login times to about 12 seconds from 45 were:
1. I upgraded from Windows 98 to XP (seemed to have the biggest impact).
2. I upgraded from sdk 1.3.1 to 1.4 (also easier to manage classpaths, as all the security packages are incorporated into the sdk 1.4 instead of 3 additional jar files).
3. Use a connection pool if you can (just like a database connection pool). You can have the anonymous Connections already created and waiting on the server. You can just scoop one up from the server and bind/authenticate the user. The binding time is trivial compared to making the connection.
Jamie
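
As an added illustration of the pooling idea in the post above (not code from any poster in this thread): a bind-then-search login over ldaps:// using the JNDI LDAP provider's built-in connection pool, which pools only plain connections unless "ssl" is listed in the protocol property. The class name, server URL, base DN and groupOfNames filter are assumptions; substitute your directory's values.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

public class LdapsLogin {
    // Assumed values: replace with your directory's URL, group base DN and schema.
    static final String URL = "ldaps://ldap.example.com:636";
    static final String GROUP_BASE = "ou=groups,dc=example,dc=com";
    static final String GROUP_FILTER = "(&(objectClass=groupOfNames)(member={0}))";

    static {
        // Pool settings are JVM-wide system properties; set them before the first LDAP context is created.
        System.setProperty("com.sun.jndi.ldap.connect.pool.protocol", "plain ssl");
        System.setProperty("com.sun.jndi.ldap.connect.pool.timeout", "300000"); // idle ms
    }

    /** Returns the DNs of the user's groups, or null if the directory rejects the bind. */
    public static List<String> login(String userDn, String password) throws NamingException {
        // An empty password turns a simple bind into an unauthenticated bind, which many servers accept.
        if (userDn == null || userDn.isEmpty() || password == null || password.isEmpty()) return null;
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.pool", "true"); // opt this context into the pool
        DirContext ctx;
        try {
            ctx = new InitialDirContext(env); // TLS handshake (or pooled connection) plus bind
        } catch (AuthenticationException e) {
            return null; // wrong credentials; other NamingExceptions propagate
        }
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] {"cn"});
            List<String> groups = new ArrayList<>();
            // The {0} argument is escaped by JNDI, so the DN cannot alter the filter.
            NamingEnumeration<SearchResult> res =
                ctx.search(GROUP_BASE, GROUP_FILTER, new Object[] {userDn}, sc);
            while (res.hasMore()) groups.add(res.next().getNameInNamespace());
            return groups;
        } finally {
            ctx.close(); // hands the connection back to the pool instead of closing the socket
        }
    }
}
```

The provider matches pooled connections on bind identity as well as host and protocol, so reuse here applies to repeat binds with the same credentials within the idle timeout.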
 
Ranch Hand
Posts: 70
Could anyone tell me the steps for the eDirectory/LDAP SSL implementation? I am facing the issue.
 
Ranch Hand
Posts: 54
This post is over 5 years old, I see that, but I am also interested in learning how to connect to active directory using ldap.

I want to do the same thing:

log in to our product using user credentials supplied by the AD, then from that, find the groups of that user to define permissions.

If you find anything out, please let me know.

Thanks.
 