Speeding up LDAP authentication

Lots of people use SGD with Directory Servers and it's easy to setup.
In the Array Manager simply enable the LDAP login authority and point SGD at the Directory Server.
Here's an example:

Now out of the box the LDAP login authority is very thorough in checking the supplied username against all of these searchAttributes:
{ cn, uid, mail, userPrincipalName, sAMAccountName }

And so for large directories this may take some time and lead to a slow login process.

So here's a tip:
Trim the list of search attributes down to say { cn, mail }.
The command to do this is:

/opt/tarantella/bin/tarantella config edit --searchldapla.properties-searchAttributes cn mail

Hopefully you'll see that this makes searches much faster and consequently the login process too.

-FB

Posted on: Apr 18, 2007

Posted by: TheFatBloke

Category: SGD

Permanent link to this entry

Comments:

Great page, really useful tip, thanks Fat Bloke. The config edit command needs the sgd server to be stopped before it can be run.

Posted by Fat bloke's number 1 fan on April 20, 2007 at 11:47 AM BST #

The Fat Bloke Sings: Thoughts from a Fat Bloke

Speeding up LDAP authentication

About this weblog

Your Current Location

Up to 10 Recent Entries

Feeds

Categories

Other Blog Features

Search

Bookmarks