
Bad Performance SASL/TLS??



Hi all!

I'm a newbie on openldap. After all I've got that thing
running :)  (openldap 2.0.7, cyrus sasl 1.5.24, openssl 0.9.6
on redhat 7 using Linuxthreads), but the performance is really bad when
doing an ldapsearch -Z. The sasl-bind takes about 10-15 sec (when I see
that <== slap_sasl_bind: rc=14 from the debug) and it takes even 5 sec
till I'm prompted for the password.
When doing a search with ldapsearch -x, everything is okay.

I only created one entry in the sasldb so far.
Could anyone please give me a hint what I'm doing wrong?

I use the following directive in slapd.conf:
   sasl-secprops   none
to enable all sasl mechanisms.

Besides, I get such debug messages as:  (Resource temporarily
unavailable)

Here are the complete debug messages; I hope this is not too much for
posting it on the list:

daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse(ldap:///)
daemon: socket() failed errno=97 (Address family not supported by protocol)
daemon: initialized ldap:///
daemon_init: 1 listeners opened
slapd init: initiated server.
slap_sasl_init: initialized!
slapd startup: initiated.
slapd starting
daemon: added 6r
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: new connection on 9
ldap_pvt_gethostbyname_a: host=test.com, r=0
daemon: added 9r
daemon: activity on:
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 29 contents:
do_extended
ber_scanf fmt ({a) ber:
ber_get_next
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
send_ldap_extended 0: (0)
send_ldap_response: msgid=1 tag=120 err=0
ber_flush: 14 bytes to sd 9
daemon: select: listen=6 active_threads=1 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 62 contents:
ber_get_next
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
do_search
ber_scanf fmt ({aiiiib) ber:
ber_scanf fmt (o) ber:
ber_scanf fmt ({v}}) ber:
daemon: select: listen=6 active_threads=1 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=1 tvp=NULL
=> send_search_entry: ""
ber_flush: 87 bytes to sd 9
<= send_search_entry
send_ldap_result: conn=0 op=1 p=3
send_ldap_response: msgid=2 tag=101 err=0
ber_flush: 14 bytes to sd 9
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 24 contents:
ber_get_next
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({iat) ber:
ber_scanf fmt ({a) ber:
ber_scanf fmt (}}) ber:
do_sasl_bind: dn () mech DIGEST-MD5
daemon: select: listen=6 active_threads=1 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=1 tvp=NULL
send_ldap_sasl: err=14 len=182
send_ldap_response: msgid=3 tag=97 err=14
ber_flush: 201 bytes to sd 9
<== slap_sasl_bind: rc=14
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 332 contents:
ber_get_next
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({iat) ber:
ber_scanf fmt ({a) ber:
ber_scanf fmt (o) ber:
ber_scanf fmt (}}) ber:
do_sasl_bind: dn () mech DIGEST-MD5
daemon: select: listen=6 active_threads=1 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=1 tvp=NULL
send_ldap_sasl: err=14 len=40
send_ldap_response: msgid=4 tag=97 err=14
ber_flush: 56 bytes to sd 9
<== slap_sasl_bind: rc=14
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 24 contents:
do_bind
ber_get_next
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
daemon: select: listen=6 active_threads=1 tvp=NULL
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=1 tvp=NULL
ber_scanf fmt ({iat) ber:
ber_scanf fmt ({a) ber:
ber_scanf fmt (}}) ber:
do_sasl_bind: dn () mech DIGEST-MD5
SASL Authorize [conn=0]: "root" as "u:root"
slap_sasl_bind: username="u:root" realm="test.com" ssf=128
<== slap_sasl_bind: authzdn: "uid=root + realm=test.com"
send_ldap_sasl: err=0 len=-1
send_ldap_response: msgid=5 tag=97 err=0
ber_flush: 14 bytes to sd 9
<== slap_sasl_bind: rc=0
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ldap_pvt_sasl_install
ber_get_next
ber_get_next: tag 0x30 len 37 contents:
ber_get_next
ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
do_search
ber_scanf fmt ({aiiiib) ber:
ber_scanf fmt (o) ber:
ber_scanf fmt ({v}}) ber:
daemon: select: listen=6 active_threads=1 tvp=NULL
send_ldap_result: conn=0 op=5 p=3
send_ldap_response: msgid=6 tag=101 err=32
ber_flush: 14 bytes to sd 9
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=1 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 9r
daemon: read activity on 9
connection_get(9): got connid=0
connection_read(9): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 5 contents:
ber_get_next
TLS trace: SSL3 alert read:warning:close notify
ber_get_next on fd 9 failed errno=0 (Success)
connection_read(9): input error=-2 id=0, closing.
connection_closing: readying conn=0 sd=9 for close
connection_close: deferring conn=0 sd=9
do_unbind
connection_resched: attempting closing conn=0 sd=9
connection_close: deferring conn=0 sd=9
connection_resched: attempting closing conn=0 sd=9
connection_close: conn=0 sd=9
daemon: removing 9
daemon: select: listen=6 active_threads=2 tvp=NULL
TLS trace: SSL3 alert write:warning:close notify
daemon: activity on 1 descriptors
daemon: select: listen=6 active_threads=0 tvp=NULL
slap_sig_shutdown: signal 2
slap_sig_shutdown: signal 2
daemon: shutdown requested and initiated.
daemon: closing 6
slapd shutdown: waiting for 0 threads to terminate
slap_sig_shutdown: signal 2
slap_sig_shutdown: signal 2
slapd shutdown: initiated
ldbm backend syncing
ldbm backend done syncing
====> cache_release_all
slapd shutdown: freeing system resources.
slapd stopped.


thanks

zorc
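
An added example, not part of the original post: a small Python reader for the response lines of the trace above, naming the LDAPv3 response tags and result codes (RFC 4511) that appear in it. It shows that the two `rc=14` results are `saslBindInProgress`, the intermediate steps of the DIGEST-MD5 exchange, before the bind completes with `ssf=128`. The function name `summarize` is an assumption made for this example.

```python
import re

# Excerpt of the slapd debug trace from the post above (relevant lines only).
TRACE = """\
send_ldap_response: msgid=1 tag=120 err=0
send_ldap_response: msgid=2 tag=101 err=0
do_sasl_bind: dn () mech DIGEST-MD5
send_ldap_response: msgid=3 tag=97 err=14
do_sasl_bind: dn () mech DIGEST-MD5
send_ldap_response: msgid=4 tag=97 err=14
do_sasl_bind: dn () mech DIGEST-MD5
slap_sasl_bind: username="u:root" realm="test.com" ssf=128
send_ldap_response: msgid=5 tag=97 err=0
send_ldap_response: msgid=6 tag=101 err=32
"""

# LDAPv3 response tags and result codes (RFC 4511) that occur in this trace.
OPS = {97: "BindResponse", 101: "SearchResultDone", 120: "ExtendedResponse"}
RESULTS = {0: "success", 14: "saslBindInProgress", 32: "noSuchObject"}

RESP = re.compile(r"send_ldap_response: msgid=(\d+) tag=(\d+) err=(\d+)")
MECH = re.compile(r"do_sasl_bind: dn \(.*?\) mech (\S+)")
SSF = re.compile(r"slap_sasl_bind: .*\bssf=(\d+)")


def summarize(trace):
    """Return (responses, bind): decoded responses and a SASL bind summary."""
    responses = []
    bind = {"mech": None, "in_progress": 0, "completed": False, "ssf": None}
    for line in trace.splitlines():
        if m := MECH.search(line):
            bind["mech"] = m.group(1)
        elif m := SSF.search(line):
            bind["ssf"] = int(m.group(1))  # negotiated security strength factor
        elif m := RESP.search(line):
            msgid, tag, err = map(int, m.groups())
            responses.append((msgid, OPS.get(tag, f"tag {tag}"),
                              RESULTS.get(err, f"code {err}")))
            if tag == 97 and err == 14:
                bind["in_progress"] += 1   # challenge/response step, not a failure
            elif tag == 97 and err == 0:
                bind["completed"] = True
    return responses, bind


if __name__ == "__main__":
    for msgid, op, result in summarize(TRACE)[0]:
        print(f"msgid={msgid:<2} {op:<17} {result}")
```

The trace carries no timestamps, so this summary identifies which step each response belongs to but cannot show where the delay occurs.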