
Using Novell eDirectory 8.8.2 LDAP as UME -> inefficient LDAP queries?

Former Member
0 Kudos

Some questions about using LDAP as UME...

We are using Novell eDirectory 8.8.2 to authenticate users who log in to the Enterprise Portal (7.00 SP 12). The LDAP queries are rather inefficient or even wrong (which can be seen in the attached trace) and we'd like to simplify those.

Where can the logic of these queries be configured?

Why are the queries done two times (via two separate connections, same query again, till it comes to a new bind with the user DN)?

P.S.: An attribute mapping in the datasourceconfiguration_novell_readonly....xml has to be changed as well; this is not resembled in the posted trace yet.

Part of the LDAP trace on the Novell eDirectory server:

13:40:42 2FC LDAP: DoSearch on connection 0x75df9f0

13:40:42 2FC LDAP: Search request:

base: "o=organization"

scope:2 dereference:3 sizelimit:0 timelimit:0 attrsonly:0

filter: "(&(objectclass=inetorgperson)(organizational_uniqueid=1229212021))"

attribute: "organizational_uniqueid"

attribute: "description"

attribute: "organizational_uniqueid"

13:40:42 8D4 LDAP: DoSearch on connection 0x901a228

13:40:42 8D4 LDAP: Search request:

base: "o=organization"

scope:2 dereference:3 sizelimit:0 timelimit:0 attrsonly:0

filter: "(&(objectclass=inetorgperson)(organizational_uniqueid=commonname))"

attribute: "organizational_uniqueid"

attribute: "description"

attribute: "organizational_uniqueid"

13:40:43 2FC LDAP: Sending search result entry "cn=1229212021,ou=ou01,o=organization" to connection 0x75df9f0

13:40:43 2FC LDAP: Sending operation result 0:"":"" to connection 0x75df9f0

13:40:43 818 LDAP: DoSearch on connection 0x75df9f0

13:40:43 818 LDAP: Search request:

base: "o=organization"

scope:2 dereference:3 sizelimit:0 timelimit:0 attrsonly:0

filter: "(|(&(objectclass=inetorgperson)(organizational_uniqueid=1229212021)))"

attribute: "objectclass"

13:40:44 8D4 LDAP: Sending search result entry "cn=commonname,ou=ou01,o=organization" to connection 0x901a228

13:40:44 8D4 LDAP: Sending operation result 0:"":"" to connection 0x901a228

13:40:44 818 LDAP: Sending search result entry "cn=1229212021,ou=ou01,o=organization" to connection 0x75df9f0

13:40:44 818 LDAP: Sending operation result 0:"":"" to connection 0x75df9f0

13:40:44 898 LDAP: DoSearch on connection 0x75df9f0

13:40:44 898 LDAP: Search request:

base: "cn=1229212021,ou=ou01,o=organization"

scope:0 dereference:3 sizelimit:0 timelimit:0 attrsonly:0

filter: "(objectClass=*)"

attribute: "organizational_uniqueid"

13:40:44 898 LDAP: Sending search result entry "cn=1229212021,ou=ou01,o=organization" to connection 0x75df9f0

13:40:44 898 LDAP: Sending operation result 0:"":"" to connection 0x75df9f0

13:40:44 930 LDAP: DoSearch on connection 0x75df9f0

13:40:44 930 LDAP: Search request:

base: "o=organization"

scope:2 dereference:3 sizelimit:0 timelimit:0 attrsonly:0

filter: "(&(objectclass=inetorgperson)(organizational_uniqueid=1229212021))"

attribute: "description"

attribute: "organizational_uniqueid"

13:40:44 860 LDAP: DoSearch on connection 0x901a228

13:40:44 860 LDAP: Search request:

base: "o=organization"

scope:2 dereference:3 sizelimit:0 timelimit:0 attrsonly:0

filter: "(|(&(objectclass=inetorgperson)(organizational_uniqueid=commonname)))"

attribute: "objectclass"

13:40:45 930 LDAP: Sending search result entry "cn=1229212021,ou=ou01,o=organization" to connection 0x75df9f0

13:40:45 860 LDAP: Sending search result entry "cn=commonname,ou=ou01,o=organization" to connection 0x901a228

13:40:45 930 LDAP: Sending operation result 0:"":"" to connection 0x75df9f0

13:40:45 860 LDAP: Sending operation result 0:"":"" to connection 0x901a228

13:40:45 89C LDAP: DoSearch on connection 0x901a228

13:40:45 89C LDAP: Search request:

base: "cn=commonname,ou=ou01,o=organization"

scope:0 dereference:3 sizelimit:0 timelimit:0 attrsonly:0

filter: "(objectClass=*)"

attribute: "organizational_uniqueid"

13:40:45 89C LDAP: Sending search result entry "cn=commonname,ou=ou01,o=organization" to connection 0x901a228

13:40:45 89C LDAP: Sending operation result 0:"":"" to connection 0x901a228

13:40:45 8E0 LDAP: New TLS connection 0x75de720 from 10.1.237.11:54917, monitor = 0x8b8, index = 17

13:40:45 8B8 LDAP: Monitor 0x8b8 initiating TLS handshake on connection 0x75de720

13:40:45 924 LDAP: DoTLSHandshake on connection 0x75de720

13:40:45 924 LDAP: BIO ctrl called with unknown cmd 7

13:40:45 924 LDAP: Completed TLS handshake on connection 0x75de720

13:40:45 7C0 LDAP: DoBind on connection 0x75de720

13:40:45 7C0 LDAP: Bind name:cn=1229212021,ou=ou01,o=organization, version:3, authentication:simple

13:40:45 7C0 LDAP: Sending operation result 0:"":"" to connection 0x75de720

13:40:45 8F4 LDAP: DoUnbind on connection 0x75de720

13:40:45 8F4 LDAP: Connection 0x75de720 closed

13:40:45 8EC LDAP: DoSearch on connection 0x9019f78

13:40:45 8EC LDAP: Search request:

base: "cn=commonname,ou=ou01,o=organization"

scope:0 dereference:3 sizelimit:0 timelimit:0 attrsonly:0

filter: "(objectClass=*)"

attribute: "givenname"

attribute: "sn"

attribute: "mail"

attribute: "displayname"

attribute: "organizational_uniqueid"

13:40:45 8EC LDAP: Sending search result entry "cn=commonname,ou=ou01,o=organization" to connection 0x9019f78

13:40:45 8EC LDAP: Sending operation result 0:"":"" to connection 0x9019f78

13:40:45 8D8 LDAP: DoSearch on connection 0x9019f78

13:40:45 8D8 LDAP: Search request:

base: "cn=commonname,ou=ou01,o=organization"

scope:0 dereference:3 sizelimit:0 timelimit:0 attrsonly:0

filter: "(objectClass=*)"

attribute: "groupmembership"

13:40:45 8D8 LDAP: Sending search result entry "cn=commonname,ou=ou01,o=organization" to connection 0x9019f78

13:40:45 8D8 LDAP: Sending operation result 0:"":"" to connection 0x9019f78

13:40:45 848 LDAP: DoSearch on connection 0x75df5e8

13:40:45 848 LDAP: Search request:

base: "cn=1229212021,ou=ou01,o=organization"

scope:0 dereference:3 sizelimit:0 timelimit:0 attrsonly:0

filter: "(objectClass=*)"

attribute: "givenname"

attribute: "sn"

attribute: "mail"

attribute: "displayname"

attribute: "organizational_uniqueid"

13:40:45 848 LDAP: Sending search result entry "cn=1229212021,ou=ou01,o=organization" to connection 0x75df5e8

13:40:45 848 LDAP: Sending operation result 0:"":"" to connection 0x75df5e8

13:40:45 8FC LDAP: DoSearch on connection 0x75df898

13:40:45 8FC LDAP: Search request:

base: "cn=notes,ou=groups,ou=ou01,o=organization"

scope:0 dereference:3 sizelimit:0 timelimit:0 attrsonly:0

filter: "(objectClass=*)"

attribute: "objectclass"
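
Added example, not part of the original post: a small Python parser for the trace format shown above that groups search requests by base, scope and filter, treating a one-operand `(|(...))` or `(&(...))` wrapper as equivalent to its inner filter, so repeated lookups of the same entry stand out together with the attribute lists each one asked for. It assumes a request block is not interleaved with lines from other threads, as in the posted trace; the function names are illustrative.

```python
import re
# Two searches copied from the trace above (blank lines dropped).
SAMPLE = '''
13:40:42 2FC LDAP: DoSearch on connection 0x75df9f0
13:40:42 2FC LDAP: Search request:
base: "o=organization"
scope:2 dereference:3 sizelimit:0 timelimit:0 attrsonly:0
filter: "(&(objectclass=inetorgperson)(organizational_uniqueid=1229212021))"
attribute: "description"
13:40:43 818 LDAP: DoSearch on connection 0x75df9f0
13:40:43 818 LDAP: Search request:
base: "o=organization"
scope:2 dereference:3 sizelimit:0 timelimit:0 attrsonly:0
filter: "(|(&(objectclass=inetorgperson)(organizational_uniqueid=1229212021)))"
attribute: "objectclass"
'''
HDR = re.compile(r"\d\d:\d\d:\d\d \w+ LDAP: (?:DoSearch on connection (0x[0-9a-f]+)|(.*))$")

def unwrap(f):
    # A one-operand (|(X)) or (&(X)) matches exactly what (X) matches.
    while f[:2] in ("(|", "(&") and len(f) > 3:
        inner, depth, end = f[2:-1], 0, -1
        for end, ch in enumerate(inner):
            depth += (ch == "(") - (ch == ")")
            if depth == 0:
                break
        if end != len(inner) - 1:
            return f  # several operands: leave the filter alone
        f = inner
    return f

def parse_searches(text):
    searches, cur = [], None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = HDR.match(line)
        if m and m.group(1):  # "DoSearch on connection 0x..." opens a request
            searches.append(cur := {"conn": m.group(1)})
        elif m:  # any other timestamped line ends the current request block
            cur = cur if m.group(2) == "Search request:" else None
        elif cur is not None:  # base / scope / filter / attribute lines
            key, _, val = line.partition(":")
            cur.setdefault(key, []).append(val.strip().strip('"'))
    return searches

def repeated(searches):
    groups = {}  # (base, scope, normalized filter) -> attribute lists requested
    for s in searches:
        key = (s["base"][0], s["scope"][0].split()[0], unwrap(s["filter"][0]))
        groups.setdefault(key, []).append(s.get("attribute", []))
    return {k: v for k, v in groups.items() if len(v) > 1}
```

Calling `repeated(parse_searches(trace_text))` on the full trace lists every lookup that was issued more than once.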

Accepted Solutions (0)

Answers (1)

Former Member
0 Kudos

So that means nobody else has to modify those routines? I'd be very interested in information on that matter.