This is PostgreSQL 9.5 -- We just enabled LDAP(S) authentication (to an Active Directory server) for a certain grouping of users
pg_hba.conf
#...
hostssl all +ldap_group 0.0.0.0/0 ldap ldaptls="1" ldapserver="....
hostssl all all 0.0.0.0/0 md5
#...
I'm getting complaints from the users authenticating using ldap that database operations are taking quite a bit longer than they were previously when they were authenticating with MD5 stored passwords. Clearly, there's more machinery at work with that kind of operation, but the increase in time is way more that I would have estimated.
I still want them to be able to type in a password, so GSSAPI is out for an alternative (right?) ... Is there something I can do to help speed things up? If there any telemetry that I can generate (logs, stats, etc.) which might be able to pinpoint a bottleneck?
Thanks all,
CG
