[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Send Success with first found entry

Am Fri, 28 Aug 2015 05:42:37 +0000
schrieb "Fischer, Johannes" <johannes.fischer@ipa.fraunhofer.de>:

> Hi again,
> more and more I get a feeling how all this work together. But often
> you don't know what you actually need to look up...
> I've looked on the LDAP server of the Institute to get a feeling how
> the real IT-guys managed their server... (It was a disaster from a
> data protection perspective...) Some things were quit nice, for
> example that the server send a "success" with the first found entry
> in a subtree.
> On my openLDAP instance I receive a entry of a subtree after 20-30ms
> but the success packet need 200ms. For me this behavior is not clear
> due to the fact, that the entries in the directory need to be unique.
> The Example:
> I'm using the Spring security framework and trigger with
> "ldapTemplate.lookup("cn=" + _name + ",dc=users");" a lookup. On
> wireshark I see a search request with the scope "baseObject" and The
> Filter "objectClass=*". After 33ms I receive a searchResEntry packet,
> so the Server found something and could also stop. But I think in the
> background all the other entries in the Subtree "dc=users", are
> looked through also. After 230ms the success packet arrive at my
> computer. (see also Attachment)
> My Question, is there a possibility to emit a success together with
> the first found entry?

In fact, this depends on your filter design. The rate of hits decreases
with the degree of accuracy.


Dieter Klünter | Systemberatung
GPG Key ID: E9ED159B