Am Tue, 1 Sep 2015 06:44:08 +0000 schrieb "Fischer, Johannes" johannes.fischer@ipa.fraunhofer.de:
Hi Dieter,
I've tried it with a quite accurate filter request: (& (cn=aaa) (objectClass=vfkUser) ) Scope: singleLevel Sizelimit: 1 Baseobject : cn=user, ...
The only result have been transferred from the server after 2ms, but the success packet still need 2-3s.
Do I have to edit something on the server side?
Greetings John
PS. the cn's in the entry 'cn=user' are unique...
This is rather strange, could you run slapd in debugging mode (-d-1) in order to watch the internal process?
-Dieter
-----Ursprüngliche Nachricht----- Von: openldap-technical [mailto:openldap-technical-bounces@openldap.org] Im Auftrag von Dieter Klünter Gesendet: Freitag, 28. August 2015 09:46 An: openldap-technical@openldap.org Betreff: Re: Send Success with first found entry
Am Fri, 28 Aug 2015 05:42:37 +0000 schrieb "Fischer, Johannes" johannes.fischer@ipa.fraunhofer.dehttp://ldapcon.org/2015/:
Hi again,
more and more I get a feeling how all this work together. But often you don't know what you actually need to look up...
I've looked on the LDAP server of the Institute to get a feeling how the real IT-guys managed their server... (It was a disaster from a data protection perspective...) Some things were quit nice, for example that the server send a "success" with the first found entry in a subtree.
On my openLDAP instance I receive a entry of a subtree after 20-30ms but the success packet need 200ms. For me this behavior is not clear due to the fact, that the entries in the directory need to be unique.
The Example: I'm using the Spring security framework and trigger with "ldapTemplate.lookup("cn=" + _name + ",dc=users");" a lookup. On wireshark I see a search request with the scope "baseObject" and The Filter "objectClass=*". After 33ms I receive a searchResEntry packet, so the Server found something and could also stop. But I think in the background all the other entries in the Subtree "dc=users", are looked through also. After 230ms the success packet arrive at my computer. (see also Attachment)
My Question, is there a possibility to emit a success together with the first found entry?
In fact, this depends on your filter design. The rate of hits decreases with the degree of accuracy.
-Dieter
-- Dieter Klünter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53°37'09,95"N 10°08'02,42"E