First Last Prev Next    This bug is not in your last search results.
Bug 38618 - pwd_scheme_kinit needs caching
pwd_scheme_kinit needs caching
Status: CLOSED FIXED
Product: Z_SDB
Classification: Unclassified
Component: New entries
unspecified
Other Linux
: P5 normal
: UCS 4.0-2-errata
Assigned To: Tim Petersen
Janis Meybohm
http://sdb.univention.de/1332
:
: 38249 (view as bug list)
Depends on: 38239
Blocks:
  Show dependency treegraph
 
Reported: 2015-05-28 16:36 CEST by Stefan Gohmann
Modified: 2015-08-06 18:00 CEST (History)
6 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Roadmap discussion (moved)
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Gohmann univentionstaff 2015-05-28 16:36:52 CEST 
We should add a SDB article for this issue. Workaround is to install the password service and synchronize the password hashes from AD to OpenLDAP.


+++ This bug was initially created as a clone of Bug #38239 +++

Ticket#2015040121000218 

LDAP-Binds in AD Member Mode environment are quite less performant that "normal" LDAP-Binds. Probably this is because of the "overhead" added by pwd_scheme_kinit.

This is especially seen with apps like Zarafa as the Zarafa WebApp does not cache credentials itself and does a lot of LDAP binds (more than 10 within a minute of "normal work" for a user) because of this.

pwd_scheme_kinit should cache the hash of the users password (for X time units) when the ticket is granted so that consequent binds can use the local hash for authentication.
Comment 1 Tim Petersen univentionstaff 2015-05-29 06:55:17 CEST 
*** Bug 38249 has been marked as a duplicate of this bug. ***
Comment 2 Tim Petersen univentionstaff 2015-05-29 08:23:11 CEST 
@Janis: Could you please take a look? Thx
Comment 3 Janis Meybohm univentionstaff 2015-06-02 12:02:26 CEST 
Changed as discussed; looks good.
First Last Prev Next    This bug is not in your last search results.