Slow Ldap Authorization

Arran Cudbard-Bell a.cudbardb at freeradius.org
Tue Jan 15 00:46:50 CET 2013


On 14 Jan 2013, at 23:35, Tyler Brady <tbrady at stc-comm.com> wrote:

> Can someone help point me in the right direction? LDAP is taking too long to authorize due to something in my configuration. Keep in mind that I am about as newb as you can get when it comes to this stuff. I apologize for my ignorance. Any help would be greatly appreciated.
>  
>   [ldap] Bind was successful
>   [ldap] performing search in DC=company,DC=com, with filter (&(sAMAccountName=RadiusUser))
>   [ldap] rebind to URL ldap://ForestDnsZones.company.com/DC=ForestDnsZones,DC=company,DC=com
>   [ldap] rebind to URL ldap://DomainDnsZones.company.com/DC=DomainDnsZones,DC=company,DC=com
>   [ldap] rebind to URL ldap://company.com/CN=Configuration,DC=company,DC=com
>   [ldap] ldap_release_conn: Release Id: 0
> [files]    expand: (|(&(objectClass=GroupOfNames)(member=%{control:Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{control:Ldap-UserDn}))) -> (|(&(objectClass=GroupOfNames)(member=CN\3dUser Name\2cOU\3dAlaska_Users\2cDC\3dcompany\2cDC\3dcom))(&(objectClass=GroupOfUniqueNames)(uniquemember=CN\3dUser Name\2cOU\3dAlaska_Users\2cDC\3dcompany\2cDC\3dcom)))
>   [ldap] ldap_get_conn: Checking Id: 0
>   [ldap] ldap_get_conn: Got Id: 0
>  
>  
> Should it rebind three times to different LDAP URLs? If not, how do I change this? I have tried pretty much every BaseDN combination possible.
>  
> Why is it adding "2c" and "3d" here >> "…)(member=CN\3dUser Name\2cOU\3dAlaska_Users\2cDC\3dcompany..."

Look. This is absolutely not a RADIUS issue. You need to buy a book on LDAP and read up on referrals and escaping special characters. Anyone involved in AAA needs to know about these fundamental protocols; spoonfeeding you information will not help your understanding of them.

-Arran
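
The `\3d` and `\2c` sequences in the debug output quoted above are RFC 4515 hex escapes for `=` and `,`. The following Python sketch is an added example, not part of the original thread and not FreeRADIUS code: it escapes a value before it is placed in an LDAP search filter and decodes it again. The function names are hypothetical, and escaping `,` and `=` in addition to the RFC 4515 minimum is an assumption modelled on what the log shows.

```python
import re

# RFC 4515 requires these characters to be escaped inside a filter value.
RFC4515_MUST_ESCAPE = set('*()\\\x00')
# Assumption: the log above also shows ',' and '=' escaped, so this sketch
# escapes them too. Escaping more than the minimum is still a valid filter.
EXTRA_ESCAPE = set(',=')


def escape_filter_value(value, extra=EXTRA_ESCAPE):
    """Replace unsafe bytes with a backslash followed by two hex digits."""
    unsafe = RFC4515_MUST_ESCAPE | set(extra)
    out = []
    for byte in value.encode('utf-8'):
        ch = chr(byte)
        if byte >= 0x80 or ch in unsafe:
            out.append('\\%02x' % byte)   # e.g. '=' -> \3d, ',' -> \2c
        else:
            out.append(ch)
    return ''.join(out)


def unescape_filter_value(escaped):
    """Decode \\XX hex escapes back to the original string."""
    raw = re.sub(rb'\\([0-9a-fA-F]{2})',
                 lambda m: bytes([int(m.group(1), 16)]),
                 escaped.encode('utf-8'))
    return raw.decode('utf-8')


def build_member_filter(user_dn):
    """Build a group-membership filter with the DN safely embedded."""
    return '(member=%s)' % escape_filter_value(user_dn)


# Constructed sample inputs: the DN from the log, and a value containing
# filter metacharacters that must not alter the filter's structure.
SAMPLE_DN = 'CN=User Name,OU=Alaska_Users,DC=company,DC=com'
SAMPLE_METACHARS = '*)(objectClass=*'

if __name__ == '__main__':
    escaped = escape_filter_value(SAMPLE_DN)
    print(escaped)                          # same form as in the debug log
    print(unescape_filter_value(escaped))   # the DN the server compares against
    print(build_member_filter(SAMPLE_METACHARS))
```

The directory server decodes the escapes before matching, so the escaped and unescaped DN refer to the same entry; the escaping only keeps the value from being parsed as filter syntax.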

