
Re: LDAP with TLS is taking more time in Postgresql 11.5


 



On 2/24/20 9:07 PM, Mani Sankar wrote:
Please reply to list also.
Ccing list.
Hi Adrian,

Thanks for replying. Below are the requested details.

################ Configuration in 9.4 PG Version

local all all ldap ldapserver=XXXXXXXXXXXXXX ldapport=3268 ldapprefix="ADS\" ldapsuffix="" ldaptls=1

host all someuser xx.xx.xx.xx/32 ldap ldapserver=XXXXXXXXXXXXXXX ldapport=3268 ldapprefix="ADS\" ldapsuffix="" ldaptls=1

host all someuser ::1/128 ldap ldapserver=XXXXXXXXXXXXXXX ldapport=3268 ldapprefix="ADS\" ldapsuffix="" ldaptls=1

host all all 0.0.0.0/0 ldap ldapserver=XXXXXXXXXXXXXXX ldapport=3268 ldapprefix="ADS\" ldapsuffix="" ldaptls=1

host all all ::1/128 ldap ldapserver=XXXXXXXXXXXXXXX ldapport=3268 ldapprefix="ADS\" ldapsuffix="" ldaptls=1

host replication someuser 0.0.0.0/0 ldap ldapserver=XXXXXXXXXXXXXXX ldapport=3268 ldapprefix="ADS\" ldapsuffix="" ldaptls=1

host replication someuser 0.0.0.0/0 ldap ldapserver=XXXXXXXXXXXXXXX ldapport=3268 ldapprefix="ADS\" ldapsuffix="" ldaptls=1

############ Configuration in 11.5 Version.

local all all ldap ldapserver=XXXXXXXXXXXXXXX ldapport=3268 ldapprefix="ADS\" ldapsuffix="" ldaptls=1

host all someuser xx.xx.xx.xx/32 ldap ldapserver=XXXXXXXXXXXXXXX ldapport=3268 ldapprefix="ADS\" ldapsuffix="" ldaptls=1

host all someuser ::1/128 ldap ldapserver=XXXXXXXXXXXXXXX ldapport=3268 ldapprefix="ADS\" ldapsuffix="" ldaptls=1

host all all 0.0.0.0/0 ldap ldapserver=XXXXXXXXXXXXXXX ldapport=3268 ldapprefix="ADS\" ldapsuffix="" ldaptls=1

host all all ::1/128 ldap ldapserver=XXXXXXXXXXXXXXX ldapport=3268 ldapprefix="ADS\" ldapsuffix="" ldaptls=1

host replication someuser 0.0.0.0/0 ldap ldapserver=XXXXXXXXXXXXXXX ldapport=3268 ldapprefix="ADS\" ldapsuffix="" ldaptls=1

host replication someuser 0.0.0.0/0 ldap ldapserver=XXXXXXXXXXXXXXX ldapport=3268 ldapprefix="ADS\" ldapsuffix="" ldaptls=1

host replication someuser 0.0.0.0/0 ldap ldapserver=XXXXXXXXXXXXXXX ldapport=3268 ldapprefix="ADS\" ldapsuffix="" ldaptls=1

host    replication     replicator  XXXXXXXXXXXXX/22        md5

host    replication     replicator  1XXXXXXXXXXXX/22        md5

Linux Version: Red Hat Enterprise Linux Server release 6.10 (Santiago)

Server Installation is Source code installation. Custom build for our environment.

Authentication logs from PG 11.5:

2020-02-24 00:00:15 MST [25089]: application=[unknown],host=xx.xx.xxx.xx(55742),user=[unknown],db=[unknown],state=00000 LOG:  connection received: host=xx.xx.xxx.xx port=55742

2020-02-24 00:00:16 MST [25090]: application=[unknown],host=xx.xx.xxx.xx(55748),user=[unknown],db=[unknown],state=00000 LOG:  connection received: host=xx.xx.xxx.xx port=55748

2020-02-24 00:00:16 MST [25092]: application=[unknown],host=xx.xx.xxx.xx(55765),user=[unknown],db=[unknown],state=00000 LOG:  connection received: host=xx.xx.xxx.xx port=55765

2020-02-24 00:00:16 MST [25093]: application=[unknown],host=xx.xx.xxx.xx(55770),user=[unknown],db=[unknown],state=00000 LOG:  connection received: host=xx.xx.xxx.xx port=55770

2020-02-24 00:00:17 MST [25090]: application=[unknown],host=xx.xx.xxx.xx(55748),user=Someuser,db=test_db,state=00000 LOG:  connection authorized: user=Someuser database=test_db

2020-02-24 00:00:17 MST [25089]: application=[unknown],host=xx.xx.xxx.xx(55742),user=Someuser,db=test_db,state=00000 LOG:  connection authorized: user=Someuser database=test_db

2020-02-24 00:00:17 MST [25092]: application=[unknown],host=xx.xx.xxx.xx(55765),user=Someuser,db=test_db,state=00000 LOG:  connection authorized: user=Someuser database=test_db

2020-02-24 00:00:17 MST [25093]: application=[unknown],host=xx.xx.xxx.xx(55770),user=Someuser,db=test_db,state=00000 LOG:  connection authorized: user=Someuser database=test_db

Authentication logs from PG 9.4:

2020-02-17 22:40:01 MST [127575]: application=[unknown],host=xx.xx.xx.xx(39451),user=[unknown],db=[unknown] LOG: connection received: host=xx.xx.xx.xx port=39451

2020-02-17 22:40:01 MST [127575]: application=[unknown],host=xx.xx.xx.xx(39451),user=Someuser,db=test_db LOG:  connection authorized: user=Someuser database=test_db

2020-02-24 21:57:44 MST [117472]: application=[unknown],host=xx.xx.xx.xx(58500),user=[unknown],db=[unknown] LOG: connection received: host=xx.xx.xx.xx port=58500

2020-02-24 21:57:44 MST [117472]: application=[unknown],host=xx.xx.xx.xx(58500),user=Someuser,db=test_db LOG:  connection authorized: user=Someuser database=test_db

2020-02-24 21:58:27 MST [117620]: application=[unknown],host=xx.xx.xx.xx(58520),user=[unknown],db=[unknown] LOG: connection received: host=xx.xx.xx.xx port=58520

2020-02-24 21:58:27 MST [117620]: application=[unknown],host=xx.xx.xx.xx(58520),user=Someuser,db=test_db LOG:  connection authorized: user=Someuser database=test_db

2020-02-24 21:58:31 MST [117632]: application=[unknown],host=xx.xx.xx.xx(58524),user=[unknown],db=[unknown] LOG: connection received: host=xx.xx.xx.xx port=58524

2020-02-24 21:58:31 MST [117632]: application=[unknown],host=xx.xx.xx.xx(58524),user=Someuser,db=test_db LOG:  connection authorized: user=Someuser database=test_db

We also have a local .ldaprc file with below entry

TLS_REQCERT allow


On Tue, Feb 25, 2020 at 2:28 AM Adrian Klaver <adrian.klaver@xxxxxxxxxxx> wrote:

    On 2/24/20 11:50 AM, Mani Sankar wrote:
     > Hi All,
     >
     > We have recently upgraded our postgres servers from 9.4 version to 11.5
     > version. Post upgrade we are seeing delay in authentication.
     >
     > Issue is when we are using ldaptls=1 the authentication takes 1 second
     > or greater than that. But if I disable ldaptls it's getting
     > authenticated within milliseconds.
     >
     > But in 9.4 even if I enable ldaptls it's getting authenticated within
     > milliseconds any idea why we are facing the issue?

    This is going to need a good deal more information:

    1) OS the server is running on and did the OS or OS version change with
    the upgrade?

    2) How was the server installed from packages(if so from where?) or
    from source?

    3) The configuration for LDAP in pg_hba.conf.

    4) Pertinent information from the Postgres log.

    5) Pertinent information from the system log.

     >
     > Regards,
     > Mani.
     >


    --
    Adrian Klaver
    adrian.klaver@xxxxxxxxxxx



--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx




