Re: Login with LDAP authentication takes 5 seconds

From: Andreas Schmid <user462411(at)gmail(dot)com>
To: Achilleas Mantzios <achill(at)matrix(dot)gatewaynet(dot)com>
Cc: pgsql-general(at)lists(dot)postgresql(dot)org
Subject: Re: Login with LDAP authentication takes 5 seconds
Date: 2018-06-04 14:23:46
Message-ID: CAKeZVDq1515FmWBEdUjRS+Sp2qP3qAk16XpdBymaty0OGuV2LA@mail.gmail.com
Lists: pgsql-general

Thanks a lot to all of you for your valuable hints. So I tried some more
and found that traceroute and ping show the same symptoms, i.e. first call
takes 5 seconds. However, traceroute -4 and ping -4 always respond
immediately.
So, searching for "linux dns lookup takes long ipv4" brought me to
https://askubuntu.com/a/32312 on AskUbuntu that suggested adding

options single-request

to /etc/resolv.conf. And wow, this did the trick.
So, according to the page linked there, I'm maybe having to do with a DNS
Server or Firewall that doesn't handle the parallel IPv4 and IPv6 requests
properly... I'll check with my IT.

Thank you again, folks.

Andy

On 31 May 2018 at 16:54, Achilleas Mantzios <achill(at)matrix(dot)gatewaynet(dot)com>
wrote:

> On 28/05/2018 17:26, Andreas Schmid wrote:
>
> Hi,
>
> I configured my PostgreSQL 10 DB on Debian 9.2 with LDAP authentication
> (simple bind mode). While this basically works, it has the strange effect
> that the first login with psql takes around 5 seconds. When I reconnect
> within 60 seconds, the login completes immediately.
>
> The LDAP server is behind a firewall. So for a test, in pg_hba.conf I put
> the LDAP server's IP address instead of its DNS name (for parameter
> ldapserver). Like that, all logins complete immediately. But in general I
> prefer specifying the DNS name rather than the IP.
>
> When I checked on the DB machine with the following commands
> host my.ldap.server.org
> dig my.ldap.server.org
> both always returned the host name and IP address of the LDAP server
> immediately.
>
> Does anyone of you have an explanation for this, or a hint, where I could
> do some further investigation?
>
> IPv4 vs IPv6? Any strange timeouts? Look in the postgresql logs for any
> messages.
> Also definitely run wireshark, it'll tell you a lot on what's happening
> between postgresql and your LDAP.
>
>
> Thanks,
> Andy
>
>
> --
> Achilleas Mantzios
> IT DEV Lead
> IT DEPT
> Dynacom Tankers Mgmt
>
>
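
An added example, not part of the original messages: a check that times the system resolver (getaddrinfo, the path ping and traceroute take, unlike host and dig, which query DNS themselves) once per address family and reads the resolver options, to spot the pattern described in this thread. The function names, port 389 and the 2-second threshold are assumptions made for this sketch.

```python
import socket
import time

FAMILIES = {"unspec": socket.AF_UNSPEC, "ipv4": socket.AF_INET, "ipv6": socket.AF_INET6}

def resolv_options(text):
    """Return the set of resolver options found in resolv.conf-style text."""
    opts = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop trailing comments
        if fields and fields[0] == "options":
            opts.update(fields[1:])
    return opts

def time_lookups(host, resolver=socket.getaddrinfo, clock=time.monotonic):
    """Time one lookup per address family; None means the lookup failed.
    The unspecified-family lookup runs first, like a first login would."""
    timings = {}
    for name, family in FAMILIES.items():
        start = clock()
        try:
            resolver(host, 389, family, socket.SOCK_STREAM)  # 389: assumed LDAP port
            timings[name] = clock() - start
        except socket.gaierror:
            timings[name] = None
    return timings

def diagnose(timings, options, slow=2.0):
    """Flag the pattern from this thread: unspec lookup slow, IPv4-only fast."""
    unspec, ipv4 = timings.get("unspec"), timings.get("ipv4")
    if unspec is None or ipv4 is None:
        return "lookup failed"
    if unspec >= slow and ipv4 < slow:
        if "single-request" in options:
            return "slow despite single-request"
        return "dual A/AAAA lookup slow; try 'options single-request'"
    return "ok"

if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    try:
        with open("/etc/resolv.conf") as fh:
            opts = resolv_options(fh.read())
    except OSError:
        opts = set()
    result = time_lookups(host)
    print(result, diagnose(result, opts))
```

Run it on the database host with the LDAP server's DNS name as the argument, before and after changing /etc/resolv.conf.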
