Hi again,

 

more and more I get a feeling how all this work together. But often you don’t know what you actually need to look up…

 

I’ve looked on the LDAP server of the Institute to get a feeling how the real IT-guys managed their server…

(It was a disaster from a data protection perspective…)

Some things were quit nice, for example that the server send a “success” with the first found entry in a subtree.

 

On my openLDAP instance I receive a entry of a subtree after 20-30ms but the success packet need 200ms. For me this behavior is not clear due to the fact, that the entries in the directory need to be unique.

 

The Example:

I’m using the Spring security framework and trigger with “ldapTemplate.lookup("cn=" + _name + ",dc=users");” a lookup.

On wireshark I see a search request with the scope “baseObject” and The Filter “objectClass=*”. After 33ms I receive a searchResEntry packet, so the Server found something and could also stop. But I think in the background all the other entries in the Subtree “dc=users”, are looked through also. After 230ms the success packet arrive at my computer. (see also Attachment)

 

My Question, is there a possibility to emit a success together with the first found entry?

 

Greetings and thanks

John

 

--

Johannes Fischer

Research Fellow

Fraunhofer Institute for

Manufacturing Engineering and Automation IPA

 

Competence Centre Digital Tools for Manufactoring

 

Nobelstrasse 12 │ 70569 Stuttgart  |  Germany

Phone +49 711 970-1217

 

Johannes.Fischer@ipa.fraunhofer.de

www.ipa.fraunhofer.de