[Date Prev][Date Next] [Chronological] [Thread] [Top]

Performance and TLS on bind/search operations.


 I noticed binds to the LDAP server with TLS off (plain connection) generate around 14 packets, while with TLS on, generate around twice the number of packets. It's not always twice, but near that.
 The smtp server only does anonymous binds do LDAP, while the IMAP server always use TLS, because it makes bind with DN/passwords. I don't think about changing this setup (smtp = plain connections, imap = tls connections).

 My question is about other software, code me and others write, that makes queries to the same LDAP server. We want to define a standard to always use TLS on code any of us write, so we don't need to recheck the code, to find if authenticated binds are being made without TLS, or sensitive data is being passed on a LDAP query with plain text connections. We can't always be sure if sensitive data will be passed, it's not just passwords. 

 My question is, any of you can share your experience on LDAP perfomance regarding this, whether or not to *always use TLS*? I think it's best to be sure we always use TLS, but don't know the impact on performance. For the code we write I guess it will be no more than 100 connections/hour (bind operations). That's really not much, so I think TLS on everything won't be a problem. The real load is the smtp server use of LDAP, thousands/hour, but that's all plain connections, anon bind, search operations.


Manage Clusters Easier
Easy to use Graphical Interface. Get 90-99% HW Utilization - Try Moab.

Powered by Outblaze