We are experiencing some odd slowness issues with our LDAP Proxy Server. When using a main Application that get’s used a lot with LDAP here at our school, normal login was under 2 seconds. When we changed the Application to use the Duo Proxy LDAP Server, we saw that it would take up to 35 seconds before we would see the push on our phone. Not only does it do it with the phone, but same when logging in with a hardware token, and phone call. After doing the 2nd form of authentication, it logs us in right away. At other times, we have seen it go as quickly as 1-5 seconds. The Server that is running the LDAP Proxy Server is on the quickest hardware we own, so we know it’s not hardware related.
Are plan for now is add a 2nd Proxy server and do some load balancing, but we were unsure if that will really help or not.
The Server that is running the LDAP Proxy is Windows Server 2016, with 4GB of RAM, and 2 core, on flash memory.
Without knowing too much about your system it seems like going for an HA approach might be a good idea here.
One other thing we’ve seen that causes performance problems is the usage of monitoring services. If you have any services that send requests through the authproxy to check for health or uptime this can affect performance. Especially if these checks are performing very large LDAP searches. Reducing the scope of the search tends to help.
Piggy-backing on @Xander_Desai’s comment, there are a few steps in the process that may experience latency. It could be seen when the Duo proxy server is contacting the upstream LDAP server, when the Duo proxy server is contacting the Duo cloud service, in the mobile devices receiving the request from the Duo cloud service, etc.