On Fri, 28 Aug 2015 05:42:37 +0000
"Fischer, Johannes" <johannes.fischer(a)ipa.fraunhofer.de> wrote:
More and more I get a feeling for how all this works together. But often
you don't know what you actually need to look up...
I've looked at the LDAP server of the Institute to get a feeling for how
the real IT guys managed their server... (It was a disaster from a
data protection perspective...) Some things were quite nice, for
example that the server sends a "success" with the first found entry
in a subtree.
On my OpenLDAP instance I receive an entry of a subtree after 20-30ms
but the success packet needs 200ms. For me this behavior is not clear
due to the fact that the entries in the directory need to be unique.
I'm using the Spring security framework and trigger with
"ldapTemplate.lookup("cn=" + _name + ",dc=users");" a
Wireshark I see a search request with the scope "baseObject" and the
filter "objectClass=*". After 33ms I receive a searchResEntry packet,
so the server found something and could also stop. But I think in the
background all the other entries in the subtree "dc=users" are
looked through also. After 230ms the success packet arrives at my
computer. (See also attachment.)
My question: is there a possibility to emit a success together with
the first found entry?
In fact, this depends on your filter design. The rate of hits decreases
with the degree of accuracy.
Dieter Klünter | Systemberatung
GPG Key ID: E9ED159B