We have a multi domain AD structur and the login process takes about 2-3 seconds using LDAP. The duration of the login process depends on how large your AD is and how you configured the LDAP search string. So if you, for example, have a large AD and start the group search at top level, it takes time for your LDAP server to search through the whole AD. There are some errors in the LDAP configuration in your last posting, so maybe this can help you. Generally... to avoid typos with DNs it is a good idea to use a tool like ADExplorer from Sysinternals to copy/paste the DN of a User or group. Authentication required ---------------------------------- If authentication is required for an LDAP search, then you must enter the DN of an appropriate account here. For example: CN=LDAPUser, OU=Users, DC=Creditocoucion, DC=es Finding user entries ---------------------------- Here you have to define where the LDAP search will start searching for a user and what filter will be used for the search. To start at top level this could be DC=creditocoucion,DC=es What filter to use depends on how you want to search for the user within the AD. If your users uses their normal AD login name, then the filter would be..... sAMAccountName=<USERNAME> ...where sAMAccountName is the LDAP attribute you want to check. Again...use a tool like ADExplorer to see which LDAP attributes are available if you want to do some special things. :-) Determing group membership ------------------------------------------ This is a little bit the same as "Finding user entries". Here you define where the LDAP search should start to determine if a user belongs to a group. This is necessary if you want to grant permissions based on group membership. If you want to do so, than, in my opinion, it would be a good idea to use dedicated groups for this and to put this group in an extra OU. This would speed up the lookup. For example an OU named "SSL-Groups". The base DN would then be... OU=SSL-Group, DC=creditocoucion,DC=es The filter : cn=<GROUPNAME> Member attribute : member Hope this helps you a little bit
... View more