OpenLDAP 2.4.13/14/15: Need long time to autheticate since update
ohartman at zedat.fu-berlin.de
Thu Mar 12 00:41:31 PDT 2009
since we updated ports on our FreeBSD boxes and so OpenLDAP from 2.4.11
-> 2.4.15 and its sibblings authetication on the first attempt from a
client to the server takes a long time. The phenomenon is on several
flavours of FreeBSD the same (7.1-STABLE/i386 + amd64 UP and SMP and
FreeBSD 8.0-CURRENT/amd64 SMP). When login in on a client which is
connecting to slapd for authentication the first attempt takes approx.
10 - 20 seconds to perform. In case of sshd, some users simply hit
return getting to the second-try prompt and then the OpebLDAP server
performs instantanously. In situations where someone can't perform the
first auth-attempt with NULL/RETURN (like automated su/rsync/scp or
something else) this behaviour boring.
I tried to sniff on the server-client communication and watched the log
but nothing shows up suspicious actions, everything seems all right
except the wait on the first attempt.
I try to track down the problem to a misconfiguration, but with OpenLDAP
2.4.11 everything runs fine as expected, so I suspect a change in LDAP.
Besides, this behaviour is also present on freshly installed FreeBSD 8.0
boxes, so I doubt I forgot a relevant package to be updated when
recompiling everything necessary to run OpenLDAP and its vicinity ...
More information about the freebsd-questions