Yeah from your initial description I am guessing you specified your domain name for host. If you do that, depending on the underlying code for the resolution to a specific domain controller you can get ANY DC in the forest. This is a very common issue with folks using LDAP libraries that aren't the MSFT ones. They built a lot of cool logic into their libraries and if you aren't running on Windows you should try and duplicate and if you are, you should be using.

I am not sure I would solve this with lmhosts and short hostnames. The best solutions I have seen to date:

1. Duplicate the DNS lookups that MSFT does for the locator service. This really isn't too hard and just takes a little bit of DNS code which you should find several examples in the UNIX world. You can even make it considerably smarter than the current Windows location services like looking at site link costs etc to get the next closest site for instance.
2. Have a Perl script (or some script) that does the DNS lookups manually and inserts the results into the application configuration every couple of hours or if there is a failure.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Garrett
Sent: Monday, July 24, 2006 4:16 PM
To: [email protected]
Subject: RE: [ActiveDir] LDAP Queries across WAN links

I should have answered my own post, my apologies for being slack.

The symptoms were slow application launch on the first occurrence, faster the 2nd and subsequent launches.

We solved the problem in the ‘low-tech’ method.....LMHOSTS to direct use of the local DC’s.

Thanks for the reply. Al

-----Original Message-----
Couple of things to get you started down the right path:

1) LDAP is not an authentication protocol. Remember that as there will be a test later.
2) NTDSUTIL is not the tool to test with. LDP.EXE or one of the joeware tools might be better. There are several freeware tools that are also out there, but I've found that LDP is one of the easiest for a GUI-based tool.
3) There are RFCs, books, websites, etc. What have you read so far and what types of questions does that lead you to? What I'm looking for is what aspect of LDAP you're wanting to follow. The field is wide, and we may need to narrow it down a bit to save time.

Also, can you describe the problems that you see? I mean, some details would be helpful. What language it's written in, how it was configured, what problem you see vs. what you expect to see, etc. would be really helpful. LDAP, in its native state, is not going to just pick a server out of a hat. Instead, it can either be told which server to use else use root dse (see RFC 2251 for explanation but basically it's a way to use name resolution to find directory servers.) Using root dse methods might make LDAP seem less predictable in some cases.

Al

On 7/24/06, Al Garrett <[EMAIL PROTECTED]> wrote:

I'm LDAP-challenged.

We have an application that appears to be performing LDAP authentication to a Domain Controller at a remote location vs. the local DC.

Is there a comprehensive site for coming up to speed on LDAP, how it's used, how to adjust its performance, etc?

Is ntdsutil.exe the correct utility to modify how applications interact with LDAP?

Al Garrett SWCCD
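
The DNS lookups suggested in the first reply (option 1) can be sketched as follows. This is an added example, not code from anyone in the thread: it asks for the site-specific locator SRV record first, falls back to the domain-wide record, and orders the answers as RFC 2782 describes. The domain `corp.example`, the site `Branch`, the zone data and `sample_resolve` are constructed stand-ins for a real SRV query.

```python
import random

def srv_names(domain, site=None):
    """Locator SRV names to try, most specific (site-local) first."""
    names = []
    if site:
        names.append(f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}")
    names.append(f"_ldap._tcp.dc._msdcs.{domain}")
    return names

def order_srv(records, rng=random):
    """RFC 2782: lowest priority first, weighted random pick within a priority."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        group = [r for r in records if r[0] == prio]
        while group:
            pick = rng.uniform(0, sum(r[1] for r in group))
            running = 0
            for r in group:
                running += r[1]
                if running >= pick:
                    break
            ordered.append(r)
            group.remove(r)
    return ordered

def locate_dcs(domain, site, resolve, rng=random):
    """Return (query_name_used, [(host, port), ...]) from the first name that answers."""
    for name in srv_names(domain, site):
        records = resolve(name)
        if records:
            return name, [(r[3], r[2]) for r in order_srv(records, rng)]
    return None, []

# Constructed sample zone: query name -> [(priority, weight, port, target)]
SAMPLE_ZONE = {
    "_ldap._tcp.Branch._sites.dc._msdcs.corp.example": [
        (0, 100, 389, "branch-dc1.corp.example"),
    ],
    "_ldap._tcp.dc._msdcs.corp.example": [
        (0, 100, 389, "branch-dc1.corp.example"),
        (0, 100, 389, "hq-dc1.corp.example"),
        (0, 100, 389, "hq-dc2.corp.example"),
    ],
}

def sample_resolve(name):
    """Stand-in for a real DNS SRV query (assumption: swap in your resolver)."""
    return SAMPLE_ZONE.get(name, [])
```

With the site supplied, only the local DC comes back; without it, the domain-wide record returns every DC in the zone data, which is the remote-DC behaviour described in the original question.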
- Re: [ActiveDir] LDAP Queries across WAN links Al Mulnick
- RE: [ActiveDir] LDAP Queries across WAN links Al Garrett
- RE: [ActiveDir] LDAP Queries across WAN links joe
