[python-ldap] Querying Active Directory excessively slower than querying eDirectory
thorsten at thorstenkampe.de
Tue May 17 17:10:11 CEST 2011
* Michael Ströder (2011-05-17 16:54 +0200)
> Thorsten Kampe wrote:
> > * Cornelius Kölbel (2011-05-17 14:55 +0200)
> >> Am 17.05.2011 14:34, schrieb Thorsten Kampe:
> >>> In the Active Directory case it is the root of the domain partition
> >>> (/dc=conto
> >>> so,dc=com) in the eDirectory case it is the root of the tree. But that
> >>> shouldn't matter since the response with the query data comes within
> >>> sixty milliseconds. The filter is the default ((objectClass=*)).
> >> I do not know eDirectory that good.
> >> But in Active Directory you will also find the configuration partition
> >> underneath dc=contoso,dc=com, where you might habe no read access!
> >> Maybe this slows some things down?
> >> Do you also get slow results when using another search base like
> >> ou=myOrga,dc=contoso,dc=com ?
> > As I wrote, this is not a connectivity issue. AD and eDir return the
> > result over the network within less than a tenth of a second.
> Cornelius gives a valuable hint (as I did before) because of the
> returned by MS AD (e.g. for the configuration partition). Please re-read
> message and try turning off automatic referral chasing.
That solves the issue, thanks.
Please note that "hints" are only useful if the "hinted one" is on the
same level knowledgewise as the one who gives the hint. I did not know
that python-ldap actively tries to follow the referrals and I did not
know how to turn it off. I wasn't even aware of the connection attempts
since I filtered on port 50385 and not on 389.
More information about the python-ldap