MRBS 1.4.8. When generating a table view (e.g. day or week view), the table is generated by calling cell_html() for every cell. The cell_html() function calls getUserName(), which, despite its name, actually verifies the password by calling authValidateUser().
If using HTTP sessions and LDAP authentication, generating a day view for an area with 10 rooms and 30 time slots takes over 25 seconds. The effect of ~ 300 LDAP connects and binds on performance is brutal. Ideally, there should only be one connect and bind to LDAP.
A quick hack is to add a static $cachedUserName to getUserName() in session_http.inc. If authValidateUser($user, getAuthPassword()) succeeds, then set $cachedUserName = $user. It's not architecturally elegant, but it does bring the response time down to ~ 400 ms when the right password is given. A more appropriate solution would be to lift the invariant out of the table-cell loop. Another solution would be to separate authValidateUser() from getUserName(): the cell just wants to know whether the user should be presented with the UI elements to initiate editing of an entry, which is not in itself an act that needs to be verified. There is still the edit screen and the submission of that form.
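
A sketch of the static-cache hack described above, as an added example and not MRBS's own code. authValidateUser() and getAuthPassword() are stubbed here so the file runs without MRBS or an LDAP server, the credentials are constructed sample values, and the $checked flag goes one step beyond the report by also remembering a failed validation for the rest of the request.

```php
<?php
// Added example: stubs stand in for MRBS and LDAP so this file runs on its own.
$ldapBinds = 0;                      // counts simulated LDAP connect + bind operations

// Stub for MRBS's authValidateUser(); the real one connects and binds to LDAP.
function authValidateUser($user, $pass)
{
    global $ldapBinds;
    $ldapBinds++;
    return $user === 'alice' && $pass === 'constructed-password';
}

// Stub for getAuthPassword(): the HTTP Basic password of the current request.
function getAuthPassword()
{
    return isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null;
}

// getUserName() with the credential check cached for the current request.
// PHP statics are re-initialised on every request, so each new request is
// still validated once; nothing is carried over between requests or users.
function getUserName()
{
    static $checked = false;         // has this request already been validated?
    static $cachedUserName = null;   // validated user name, or null on failure

    if (!$checked) {
        $checked = true;
        $user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null;
        $pass = getAuthPassword();
        if ($user !== null && $pass !== null && authValidateUser($user, $pass)) {
            $cachedUserName = $user;
        }
    }
    return $cachedUserName;
}

// Constructed request credentials (sample values, not from the report).
$_SERVER['PHP_AUTH_USER'] = 'alice';
$_SERVER['PHP_AUTH_PW']   = 'constructed-password';

// Simulate the day view from the report: 10 rooms x 30 slots, one call per cell.
for ($room = 0; $room < 10; $room++) {
    for ($slot = 0; $slot < 30; $slot++) {
        $name = getUserName();
    }
}
printf("user=%s, LDAP binds=%d\n", $name, $ldapBinds);
```

Because the cached value never outlives the request, the edit screen and the form submission mentioned above each trigger their own validation.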