Am Tue, 1 Sep 2015 06:44:08 +0000 schrieb "Fischer, Johannes" <[email protected]>:
> Hi Dieter, > > I've tried it with a quite accurate filter request: > (& > (cn=aaa) > (objectClass=vfkUser) > ) > Scope: singleLevel > Sizelimit: 1 > Baseobject : cn=user, ... > > > The only result have been transferred from the server after 2ms, but > the success packet still need 2-3s. > > Do I have to edit something on the server side? > > Greetings John > > PS. the cn's in the entry 'cn=user' are unique... This is rather strange, could you run slapd in debugging mode (-d-1) in order to watch the internal process? -Dieter > > > -----Ursprüngliche Nachricht----- > Von: openldap-technical > [mailto:[email protected]] Im Auftrag von > Dieter Klünter Gesendet: Freitag, 28. August 2015 09:46 An: > [email protected] Betreff: Re: Send Success with first > found entry > > Am Fri, 28 Aug 2015 05:42:37 +0000 > schrieb "Fischer, Johannes" > <[email protected]>http://ldapcon.org/2015/: > > > Hi again, > > > > more and more I get a feeling how all this work together. But often > > you don't know what you actually need to look up... > > > > I've looked on the LDAP server of the Institute to get a feeling > > how the real IT-guys managed their server... (It was a disaster > > from a data protection perspective...) Some things were quit nice, > > for example that the server send a "success" with the first found > > entry in a subtree. > > > > On my openLDAP instance I receive a entry of a subtree after > > 20-30ms but the success packet need 200ms. For me this behavior is > > not clear due to the fact, that the entries in the directory need > > to be unique. > > > > The Example: > > I'm using the Spring security framework and trigger with > > "ldapTemplate.lookup("cn=" + _name + ",dc=users");" a lookup. On > > wireshark I see a search request with the scope "baseObject" and > > The Filter "objectClass=*". After 33ms I receive a searchResEntry > > packet, so the Server found something and could also stop. But I > > think in the background all the other entries in the Subtree > > "dc=users", are looked through also. After 230ms the success packet > > arrive at my computer. (see also Attachment) > > > > My Question, is there a possibility to emit a success together with > > the first found entry? > > In fact, this depends on your filter design. The rate of hits > decreases with the degree of accuracy. > > -Dieter > > > > -- > Dieter Klünter | Systemberatung > http://sys4.de > GPG Key ID: E9ED159B > 53°37'09,95"N > 10°08'02,42"E > -- Dieter Klünter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53°37'09,95"N 10°08'02,42"E
