Slow Authentication

The following configuration problems can cause slow authentication:

  • If authentication is taking up to a minute per user, verify that your DNS server has been enabled for reverse lookups. The JNDI module in Identity Server sends out a request to resolve the IP address of the LDAP server to a DNS name. If your DNS server is not enabled for reverse lookups, it takes 10 seconds for this request to fail before Identity Server can continue with the authentication request.

  • If your user store resides on SUSE Linux Enterprise Server 10, which installs with a firewall, you must open TCP port 524. For more information about the ports that must be open when a firewall separates the user store from other Access Manager components, see Setting Up Firewalls in the NetIQ Access Manager 5.0 Installation and Upgrade Guide.

  • If your LDAP user store is large, ensure that the search contexts are as specific as possible to avoid searching the entire tree for a user.
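
The reverse-lookup and firewall checks above can be run from the Identity Server host with a short script. The following Python script is an added example, not part of the NetIQ documentation; the function names, the 2-second "slow" threshold, and the 192.0.2.10 sample address are assumptions.

```python
import socket
import sys
import time


def check_reverse_lookup(ip, resolver=socket.gethostbyaddr,
                         slow_after=2.0, clock=time.monotonic):
    """Time the reverse (PTR) lookup of the LDAP server's IP address.

    slow_after is an assumed threshold; a lookup that fails or takes
    this long or longer delays every authentication request.
    """
    start = clock()
    try:
        name, error = resolver(ip)[0], None
    except OSError as exc:  # covers socket.herror, gaierror and timeouts
        name, error = None, str(exc)
    elapsed = clock() - start
    if name is None:
        status = "FAIL"   # no PTR record, or reverse lookups not enabled
    elif elapsed >= slow_after:
        status = "SLOW"   # resolves, but slowly enough to be noticed
    else:
        status = "OK"
    return {"ip": ip, "name": name, "seconds": round(elapsed, 3),
            "status": status, "error": error}


def check_tcp_port(host, port=524, timeout=3.0,
                   connect=socket.create_connection):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with connect((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    # 192.0.2.10 is a constructed documentation address; pass the real
    # user store IP as the first argument.
    ldap_ip = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    result = check_reverse_lookup(ldap_ip)
    print("reverse lookup:", result)
    print("TCP 524 reachable:", check_tcp_port(ldap_ip))
    sys.exit(0 if result["status"] == "OK" else 1)
```

A FAIL or SLOW result with an elapsed time near 10 seconds matches the reverse-lookup delay described in the first item.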