users@glassfish.java.net

Re: Problem with performance of LDAP Security Realm in Glassfish V2

From: Dick Davies <rasputnik_at_hellooperator.net>
Date: Thu, 27 Nov 2008 18:42:36 +0000

On Tue, Nov 25, 2008 at 2:31 PM, <glassfish_at_javadesktop.org> wrote:

> The issue that I am having with the application is that a successful authentication results in a delay of typically about 30 seconds before the initial authentication-restricted page is returned to the browser.

> Processing login with credentials of type: class com.sun.enterprise.security.auth.login.PasswordCredential
> Logging in user [<user>] into realm: <realm> using JAAS module: ldapRealm
> Login module initialized: class com.sun.enterprise.security.auth.login.LDAPLoginModule
> search: baseDN: <baseDN> filter: uid=<user>
> Found user DN: <DN>
>
> ------ pause ------
>
> LDAP: Group memberships found:

I know nothing about OpenDS, but it looks to me like there's a search
going on there
(the user DN -> group mapping) that is taking too long.

You might want to see what level of debugging you can enable on the
directory server;
with luck you can just index a couple of fields and things should
improve. A well-indexed directory
and a good search filter works wonders :)