[Date Prev][Date Next] [Chronological] [Thread] [Top]

AW: Send Success with first found entry

To: Dieter Klünter <dieter@dkluenter.de>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Subject: AW: Send Success with first found entry
From: "Fischer, Johannes" <johannes.fischer@ipa.fraunhofer.de>
Date: Tue, 1 Sep 2015 06:44:08 +0000
Accept-language: en-US
Content-language: de-DE
In-reply-to: <20150828094542.4d11b0e9@pink.avci.de>
References: <EA7399765D4E5A44848CEFE00AE00BAC92DCCE@IPA-EX-MBX2.ipa.stuttgart> <20150828094542.4d11b0e9@pink.avci.de>
Thread-index: AdDhUckpUuz0Nrg8Q2GhZOD3zmVSvQAAv18AAMrrlNA=
Thread-topic: Send Success with first found entry

Hi Dieter,

I've tried it with a quite accurate filter request:
(&
    (cn=aaa)
    (objectClass=vfkUser)
)
Scope: singleLevel
Sizelimit: 1
Baseobject : cn=user, ...


The only result have been transferred from the server after 2ms, but the success packet still need 2-3s.

Do I have to edit something on the server side?

Greetings John

PS. the cn's in the entry 'cn=user' are unique...


-----Ursprüngliche Nachricht-----
Von: openldap-technical [mailto:openldap-technical-bounces@openldap.org] Im Auftrag von Dieter Klünter
Gesendet: Freitag, 28. August 2015 09:46
An: openldap-technical@openldap.org
Betreff: Re: Send Success with first found entry

Am Fri, 28 Aug 2015 05:42:37 +0000
schrieb "Fischer, Johannes" <johannes.fischer@ipa.fraunhofer.de>:

> Hi again,
> 
> more and more I get a feeling how all this work together. But often 
> you don't know what you actually need to look up...
> 
> I've looked on the LDAP server of the Institute to get a feeling how 
> the real IT-guys managed their server... (It was a disaster from a 
> data protection perspective...) Some things were quit nice, for 
> example that the server send a "success" with the first found entry in 
> a subtree.
> 
> On my openLDAP instance I receive a entry of a subtree after 20-30ms 
> but the success packet need 200ms. For me this behavior is not clear 
> due to the fact, that the entries in the directory need to be unique.
> 
> The Example:
> I'm using the Spring security framework and trigger with 
> "ldapTemplate.lookup("cn=" + _name + ",dc=users");" a lookup. On 
> wireshark I see a search request with the scope "baseObject" and The 
> Filter "objectClass=*". After 33ms I receive a searchResEntry packet, 
> so the Server found something and could also stop. But I think in the 
> background all the other entries in the Subtree "dc=users", are looked 
> through also. After 230ms the success packet arrive at my computer. 
> (see also Attachment)
> 
> My Question, is there a possibility to emit a success together with 
> the first found entry?

In fact, this depends on your filter design. The rate of hits decreases with the degree of accuracy.

-Dieter



--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E

Follow-Ups:
- Re: Send Success with first found entry
  - From: Dieter Klünter <dieter@dkluenter.de>

Prev by Date: AW: Permission management with LDAP
Next by Date: Re: Permission management with LDAP
Index(es):
- Chronological
- Thread