From owner-freebsd-questions@FreeBSD.ORG Thu Mar 12 07:41:28 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 093C01065740 for ; Thu, 12 Mar 2009 07:41:28 +0000 (UTC) (envelope-from ohartman@zedat.fu-berlin.de) Received: from outpost1.zedat.fu-berlin.de (outpost1.zedat.fu-berlin.de [130.133.4.66]) by mx1.freebsd.org (Postfix) with ESMTP id B469D8FC22 for ; Thu, 12 Mar 2009 07:41:27 +0000 (UTC) (envelope-from ohartman@zedat.fu-berlin.de) Received: from inpost2.zedat.fu-berlin.de ([130.133.4.69]) by outpost1.zedat.fu-berlin.de (Exim 4.69) for freebsd-questions@freebsd.org with esmtp (envelope-from ) id <1LhfXi-0003op-Pa>; Thu, 12 Mar 2009 08:41:26 +0100 Received: from telesto.geoinf.fu-berlin.de ([130.133.86.198]) by inpost2.zedat.fu-berlin.de (Exim 4.69) for freebsd-questions@freebsd.org with esmtpsa (envelope-from ) id <1LhfXi-0004ik-OI>; Thu, 12 Mar 2009 08:41:26 +0100 Message-ID: <49B8BC3F.3070309@zedat.fu-berlin.de> Date: Thu, 12 Mar 2009 07:39:43 +0000 From: "O. Hartmann" Organization: Freie =?ISO-8859-15?Q?Universit=E4t_Berlin?= User-Agent: Thunderbird 2.0.0.19 (X11/20090311) MIME-Version: 1.0 To: freebsd-questions@freebsd.org Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 7bit X-Originating-IP: 130.133.86.198 Subject: OpenLDAP 2.4.13/14/15: Need long time to autheticate since update from 2.4.11 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Mar 2009 07:41:31 -0000 Hello, since we updated ports on our FreeBSD boxes and so OpenLDAP from 2.4.11 -> 2.4.15 and its sibblings authetication on the first attempt from a client to the server takes a long time. The phenomenon is on several flavours of FreeBSD the same (7.1-STABLE/i386 + amd64 UP and SMP and FreeBSD 8.0-CURRENT/amd64 SMP). When login in on a client which is connecting to slapd for authentication the first attempt takes approx. 10 - 20 seconds to perform. In case of sshd, some users simply hit return getting to the second-try prompt and then the OpebLDAP server performs instantanously. In situations where someone can't perform the first auth-attempt with NULL/RETURN (like automated su/rsync/scp or something else) this behaviour boring. I tried to sniff on the server-client communication and watched the log but nothing shows up suspicious actions, everything seems all right except the wait on the first attempt. I try to track down the problem to a misconfiguration, but with OpenLDAP 2.4.11 everything runs fine as expected, so I suspect a change in LDAP. Besides, this behaviour is also present on freshly installed FreeBSD 8.0 boxes, so I doubt I forgot a relevant package to be updated when recompiling everything necessary to run OpenLDAP and its vicinity ... Regards, Oliver