Andrew,
Thanks for your input.
Comments below...
"Andrew Libby" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Emilio,
>
> Few thoughts:
>
> o Is the call syntax you're using for ldap_read() correct? The online
> manual page describes the second parameter as being the base dn,
> you're passing the user's username. ( getenv("REMOTE_USER")). I'm
> surprised that this code works.
There's a parameter on httpd.conf that is: AuthLDAPRemoteUserIsDN On.
I'm using the auth_ldap.so 1.6.0 from Dave Carrigan.
When executing phpinfo(), REMOTE_USER returns this:
uid=username,ou=People,dc=mydomain,dc=com
That's why it works.
> o The comparisons you're making: Are they comparing similar LDAP
searches.
> There are issues that may not involve PHP at all that could be the
cause
> of you're performance issue. For example, you're search could find
all
> entries with a cn attribute at the base dn. This could potentially
be
> a large number of entries. Also, if you search for something and
the
> attributes you reference in your search filter are not indexed
performance
> will degrade linearly as you add more entries to your directory.
The searches are comparable. The perl function does the same, but in perl.
This is the way I got around it. Actually, the PHP seems more efficient, but
in Perl is a lot faster:
#!/usr/bin/perl
# General Declarations -------------------------------------------------
use Net::LDAP qw(:all);
$webpage = new CGI; # Declare instanced.
$client_user = getldapcn( $webpage->user_name ); # Web client user - from
Auth.
sub getldapcn
{
my ( $query )=@_;
my $retstr;
$ldap = Net::LDAP->new( "localhost" ) or die "$@";
$mesg = $ldap->bind( version => 3 );
$result = $ldap->search(
base => "$query",
scope => "sub",
filter => "cn=*"
);
foreach my $entr ( $result->entries )
{
$retstr = $entr->get_value( "cn" );
}
# close
$ldap->unbind;
return( $retstr );
}
# That's it! -----------------------------------------------------------
> o Session Caching. At CommNav, we've had good success with this
strategy.
> We store quite a bit of information in the users session. It's not
> uncommon for our user sessions to grow to above 100Kb, and I've seen
> them as big as 300Kb. Retrieving data from the session (i.e. the
> unserialize() function) is much less expensive then going to LDAP
for
> every hit to the web app.
Thanks. That's what I'm doing now, and it really makes a difference., but
still, I don't know why the LDAP query takes so much time in the first
place.
> Since these thoughts are not related to PHP, you can feel free to
contact
> me off-list to discuss further.
>
> Andy
Thanks,
Emilio
>
>
> On Sat, Aug 18, 2001 at 05:07:26PM -0400, Emilio Panighetti wrote:
> > I have OpenLDAP and PHP 4.0.4p1 on a RedHat 7.1 (plain distribution,
didn't
> > recompile anything, and I use MOD_LDAP to authenticate users to an
intranet
> > site. I want PHP pages to show the real username so I have this function
I
> > call when I want to know the username.
> >
> > the mod_ldap queries and ldap queries from a Perl CGI return very fast.
On
> > Perl I don't notice an performance issue (with less than a couple
> > queries/second), but each query using PHP takes about two full seconds
(or
> > more). I did a workaround keeping the result on a session variable, but
it's
> > still slow every time I call this function.
> > mod_ldap stores the user's dn on the REMOTE_USER environment variable.
> >
> > Here's the function. I don't know how to make it faster.
> >
> > Thanks,
> > Emilio Panighetti
> >
> > <?php
> > // Retrieves user's real name from LDAP
> > function ldapcnsearch()
> > {
> > $s_ldapserver = "localhost";
> > $s_ldapport = 389;
> > $ds = ldap_connect( "ldap://".$s_ldapserver.":".$s_ldapport );
> > ldap_set_option( $ds, LDAP_OPT_PROTOCOL_VERSION, 3);
> > $qar[] = "cn";
> > if ( $ds ) {
> > $r = ldap_bind( $ds );
> > $sr = ldap_read( $ds, getenv( "REMOTE_USER" ), "cn=*", $qar, 0, 1,
> > 1 );
> > $info = ldap_get_entries($ds, $sr);
> > $s_RealName = $info[0]["cn"][0];
> > ldap_close( $ds );
> > return( $s_RealName );
> > }
> > }
> > ?>
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail: [EMAIL PROTECTED]
> >
>
> --
> --------------------------------------------------
> Andrew Libby
> Director of Technology
> CommNav, Inc
> [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]