Univention Bugzilla – Bug 38618
pwd_scheme_kinit needs caching
Last modified: 2015-08-06 18:00:44 CEST
We should add a SDB article for this issue. Workaround is to install the password service and synchronize the password hashes from AD to OpenLDAP. +++ This bug was initially created as a clone of Bug #38239 +++ Ticket#2015040121000218 LDAP-Binds in AD Member Mode environment are quite less performant that "normal" LDAP-Binds. Probably this is because of the "overhead" added by pwd_scheme_kinit. This is especially seen with apps like Zarafa as the Zarafa WebApp does not cache credentials itself and does a lot of LDAP binds (more than 10 within a minute of "normal work" for a user) because of this. pwd_scheme_kinit should cache the hash of the users password (for X time units) when the ticket is granted so that consequent binds can use the local hash for authentication.
*** Bug 38249 has been marked as a duplicate of this bug. ***
@Janis: Could you please take a look? Thx
Changed as discussed; looks good.