Anonymous_User Absent Member.
Absent Member.
636 views

SSPR login slow?

Hello

I'm running SSPR v3.2.0.2 b27 r38504 on a Windows 2012 server with 4GB
RAM where SSPR is the only application. eDirectory 8.8.8 20805.07 is
running on Linux.

This is a development environment so there is no load on the SSPR server
or the eDirectory server.

When logging in to SSPR just as a regular user it feels the login takes
too long.

The login takes 4-5 seconds.

In ndstrace I can see the delay between the time SSPR binds as the proxy
user and performs the search and then it takes 4-5 seconds before
binding as the user that is authenticating.

Any ideas?

For example there is a delay between New TLS connection and initiating
TLS handshake. That doesn't happen when I test with the same user using
Apache Directory Studio.

1598424832 LDAP: [2015/03/13 17:11:46.857] New TLS connection 0xcdbca80
from 192.168.114.40:50219, monitor = 0x44005700, index = 7
1140872960 LDAP: [2015/03/13 17:11:51.373] Monitor 0x44005700 initiating
TLS handshake on connection 0xcdbca80
1597372160 LDAP: [2015/03/13 17:11:51.373]
(192.168.114.40:50219)(0x0000:0x00) DoTLSHandshake on connection 0xcdbca80
1597372160 LDAP: [2015/03/13 17:11:51.415] BIO ctrl called with unknown
cmd 7
1597372160 LDAP: [2015/03/13 17:11:51.415]
(192.168.114.40:50219)(0x0000:0x00) Completed TLS handshake on
connection 0xcdbca80
1151686400 LDAP: [2015/03/13 17:11:51.416]
(192.168.114.40:50219)(0x0001:0x60) DoBind on connection 0xcdbca80





0 Likes
2 Replies
Anonymous_User Absent Member.
Absent Member.

Re: SSPR login slow?

Anything in the catalina.log or other SSPR log files? Anything else
coming out of the SSPR box during that time period, like DNS lookups perhaps?

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: SSPR login slow?

alekz <alekz@no-mx.forums.netiq.com> wrote:
> Hello
>
> I'm running SSPR v3.2.0.2 b27 r38504 on a Windows 2012 server with 4GB
> RAM where SSPR is the only application. eDirectory 8.8.8 20805.07 is
> running on Linux.
>
> This is a development environment so there is no load on the SSPR server
> or the eDirectory server.
>
> When logging in to SSPR just as a regular user it feels the login takes
> too long.
>
> The login takes 4-5 seconds.
>
> In ndstrace I can see the delay between the time SSPR binds as the proxy
> user and performs the search and then it takes 4-5 seconds before
> binding as the user that is authenticating.
>
> Any ideas?


There is an option (can't recall exactly where it is located) to disable
reverse-DNS resolution (resolve IP from client to name). The IPs in
question were from external internet users could not be resolved by the
configured internal DNS server. We had long delays during login due to this
at one deployment.

Might help.

Otherwise do a wireshark trace. That was where the long DNS timeout showed
up like a red flag for us.

--
If you find this post helpful and are logged into the web interface, show
your appreciation and click on the star below...
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.