On Wed, May 30, 2018 at 5:43 PM, Adrian Klaver <adrian.klaver@xxxxxxxxxxx> wrote:
On 05/30/2018 01:41 PM, C GG wrote:
Please let me be clear, this is not a question about whether or not to use passwords. This is a question of how to determine the cause of and remedy a slowdown retrieving data from PostgreSQL when using LDAP(S) to authenticate PostgreSQL users. One of the sideline questions would be how to achieve the same effect by using a different scheme. I should further clarify that a major requirement would be that the scheme would need to work in our current environment without having to re-engineer the client applications. That would entail the need to pass a username and password as we have traditionally done.
Any friendly assistance with LDAP(S) to that end is welcome.
Have been following this thread and have not answered previously as LDAP/AD is not something I really know about. Still strikes me as similar to another LDAP thread:
https://www.postgresql.org/message-id/CAKeZVDov%2Bj2ZfUuSXNN -98_Nn_kAXr2e7UmKHhFNODHuEnUwU g%40mail.gmail.com
In that post the OP found that supplying an IP address instead of a host name sped up the process.
Have you tried that?
It may not be a permanent solution, but it might help identify where the problem is.
That was a good suggestion. I can't get LDAPS to work with an IP address because fails the TLS check. I don't see an option to ignore hostname checks for LDAPS, but I have a different idea...
I will try putting the hostname and IP in the hosts file to avoid the DNS lookup. I should know something by tomorrow if that made a difference. Thanks for the lead!
--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx
