Win32 version working OK [was Re: Speed difference, which version to use?]
Michael Ströder
michael at stroeder.com
Mon Jun 24 11:19:47 CEST 2002
Mauro Cicognini wrote:
> I'm glad to announce that I've found the limiting factor for the 5-odd
> seconds delay during binds,
Note that with python-ldap 2.0.0pre04 ldap.initialize() is used in
any case which wraps ldap_initialize in the OpenLDAP libs.
ldap_initialize() has a slightly different behaviour than
ldap_open(). AFAIK it just initializes the LDAP connection context
but does not open the LDAP connection. The LDAP connection is
opened when doing the first LDAPRequest - no matter which one.
Having said this I'd like to see your test script. You might wanna
check if the delay really happens during BindRequest or any first
LDAPRequest. Note that LDAPv3 does not require you to send a
BindRequest prior to other LDAPRequests.
> By sniffing network traffic I saw that it wasn't LDAP's fault per se. In
> fact, for some reason the current libraries (as opposed to the old UMich
> libs that I used in PythonLDAP 1.x) do a reverse-resolution on the
> server's IP address before attempting to bind, on both DNS _and_ NetBIOS
> (remember I'm dealing with Windows machines here).
Hmm, reverse lookups might make sense when using LDAP over SSL or
LDAP with StartTLS to cross-check the server's name with the CN
attribute in the subject DN of the server certificate. Since the
OpenLDAP 1.x libs did not have any support for SSL/TLS this might
be an issue with OpenLDAP 2.x libs. Just thoughts, not sure though...
> Note that the I passed the LDAP server's address as a DNS name, and that
> the IP address was correctly resolved by my DNS server.
Can you please try to use the IP address directly and check if the
same behaviour happens?
> Anyhow, the
> client always tries to find the NetBIOS name of the server machine, and
> this was what caused the delay, since my LDAP server is behind a
> firewall which is configured to disallow NetBIOS queries (the client
> tries 3 times the query, then gives up). Once I let NetBIOS-ns through
> (UDP port 137) the delay disappeared.
> [..]
> I can tell that it isn't Windows fault, at least:
I'm not sure if that conclusion is right.
1. I remember reverse lookup problems with various software on
Windows. (Therefore your observation is very interesting for other
things too.)
2. I can't imagine why the OpenLDAP 2 libs should explicitly do
reverse NETBIOS lookups other than using a default parameter
somewhere which causes that. Now how's the behaviour on Windows
with the normal OpenLDAP tools ldapsearch, etc.?
Ciao, Michael.
More information about the python-ldap
mailing list