on 10-17-2008 8:00 AM
Some questions about using LDAP as UME...
We are using Novell eDirectory 8.8.2 to authenticate users who log in to the Enterprise Portal (7.00 SP 12). The LDAP queries are rather inefficient or even wrong (which can be seen in the attached trace) and we'd like to simplify those.
Where can the logic of these queries be configured?
Why are the queries done twice (via two separate connections, the same query again, until it comes to a new bind with the user DN)?
P.S.: An attribute mapping in the datasourceconfiguration_novell_readonly....xml has to be changed as well; this is not reflected in the posted trace yet.
Part of the LDAP trace on the Novell eDirectory server:
13:40:42 2FC LDAP: DoSearch on connection 0x75df9f0
13:40:42 2FC LDAP: Search request:
base: "o=organization"
scope:2 dereference:3 sizelimit:0 timelimit:0 attrsonly:0
filter: "(&(objectclass=inetorgperson)(organizational_uniqueid=1229212021))"
attribute: "organizational_uniqueid"
attribute: "description"
attribute: "organizational_uniqueid"
13:40:42 8D4 LDAP: DoSearch on connection 0x901a228
13:40:42 8D4 LDAP: Search request:
base: "o=organization"
scope:2 dereference:3 sizelimit:0 timelimit:0 attrsonly:0
filter: "(&(objectclass=inetorgperson)(organizational_uniqueid=commonname))"
attribute: "organizational_uniqueid"
attribute: "description"
attribute: "organizational_uniqueid"
13:40:43 2FC LDAP: Sending search result entry "cn=1229212021,ou=ou01,o=organization" to connection 0x75df9f0
13:40:43 2FC LDAP: Sending operation result 0:"":"" to connection 0x75df9f0
13:40:43 818 LDAP: DoSearch on connection 0x75df9f0
13:40:43 818 LDAP: Search request:
base: "o=organization"
scope:2 dereference:3 sizelimit:0 timelimit:0 attrsonly:0
filter: "(|(&(objectclass=inetorgperson)(organizational_uniqueid=1229212021)))"
attribute: "objectclass"
13:40:44 8D4 LDAP: Sending search result entry "cn=commonname,ou=ou01,o=organization" to connection 0x901a228
13:40:44 8D4 LDAP: Sending operation result 0:"":"" to connection 0x901a228
13:40:44 818 LDAP: Sending search result entry "cn=1229212021,ou=ou01,o=organization" to connection 0x75df9f0
13:40:44 818 LDAP: Sending operation result 0:"":"" to connection 0x75df9f0
13:40:44 898 LDAP: DoSearch on connection 0x75df9f0
13:40:44 898 LDAP: Search request:
base: "cn=1229212021,ou=ou01,o=organization"
scope:0 dereference:3 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectClass=*)"
attribute: "organizational_uniqueid"
13:40:44 898 LDAP: Sending search result entry "cn=1229212021,ou=ou01,o=organization" to connection 0x75df9f0
13:40:44 898 LDAP: Sending operation result 0:"":"" to connection 0x75df9f0
13:40:44 930 LDAP: DoSearch on connection 0x75df9f0
13:40:44 930 LDAP: Search request:
base: "o=organization"
scope:2 dereference:3 sizelimit:0 timelimit:0 attrsonly:0
filter: "(&(objectclass=inetorgperson)(organizational_uniqueid=1229212021))"
attribute: "description"
attribute: "organizational_uniqueid"
13:40:44 860 LDAP: DoSearch on connection 0x901a228
13:40:44 860 LDAP: Search request:
base: "o=organization"
scope:2 dereference:3 sizelimit:0 timelimit:0 attrsonly:0
filter: "(|(&(objectclass=inetorgperson)(organizational_uniqueid=commonname)))"
attribute: "objectclass"
13:40:45 930 LDAP: Sending search result entry "cn=1229212021,ou=ou01,o=organization" to connection 0x75df9f0
13:40:45 860 LDAP: Sending search result entry "cn=commonname,ou=ou01,o=organization" to connection 0x901a228
13:40:45 930 LDAP: Sending operation result 0:"":"" to connection 0x75df9f0
13:40:45 860 LDAP: Sending operation result 0:"":"" to connection 0x901a228
13:40:45 89C LDAP: DoSearch on connection 0x901a228
13:40:45 89C LDAP: Search request:
base: "cn=commonname,ou=ou01,o=organization"
scope:0 dereference:3 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectClass=*)"
attribute: "organizational_uniqueid"
13:40:45 89C LDAP: Sending search result entry "cn=commonname,ou=ou01,o=organization" to connection 0x901a228
13:40:45 89C LDAP: Sending operation result 0:"":"" to connection 0x901a228
13:40:45 8E0 LDAP: New TLS connection 0x75de720 from 10.1.237.11:54917, monitor = 0x8b8, index = 17
13:40:45 8B8 LDAP: Monitor 0x8b8 initiating TLS handshake on connection 0x75de720
13:40:45 924 LDAP: DoTLSHandshake on connection 0x75de720
13:40:45 924 LDAP: BIO ctrl called with unknown cmd 7
13:40:45 924 LDAP: Completed TLS handshake on connection 0x75de720
13:40:45 7C0 LDAP: DoBind on connection 0x75de720
13:40:45 7C0 LDAP: Bind name:cn=1229212021,ou=ou01,o=organization, version:3, authentication:simple
13:40:45 7C0 LDAP: Sending operation result 0:"":"" to connection 0x75de720
13:40:45 8F4 LDAP: DoUnbind on connection 0x75de720
13:40:45 8F4 LDAP: Connection 0x75de720 closed
13:40:45 8EC LDAP: DoSearch on connection 0x9019f78
13:40:45 8EC LDAP: Search request:
base: "cn=commonname,ou=ou01,o=organization"
scope:0 dereference:3 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectClass=*)"
attribute: "givenname"
attribute: "sn"
attribute: "mail"
attribute: "displayname"
attribute: "organizational_uniqueid"
13:40:45 8EC LDAP: Sending search result entry "cn=commonname,ou=ou01,o=organization" to connection 0x9019f78
13:40:45 8EC LDAP: Sending operation result 0:"":"" to connection 0x9019f78
13:40:45 8D8 LDAP: DoSearch on connection 0x9019f78
13:40:45 8D8 LDAP: Search request:
base: "cn=commonname,ou=ou01,o=organization"
scope:0 dereference:3 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectClass=*)"
attribute: "groupmembership"
13:40:45 8D8 LDAP: Sending search result entry "cn=commonname,ou=ou01,o=organization" to connection 0x9019f78
13:40:45 8D8 LDAP: Sending operation result 0:"":"" to connection 0x9019f78
13:40:45 848 LDAP: DoSearch on connection 0x75df5e8
13:40:45 848 LDAP: Search request:
base: "cn=1229212021,ou=ou01,o=organization"
scope:0 dereference:3 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectClass=*)"
attribute: "givenname"
attribute: "sn"
attribute: "mail"
attribute: "displayname"
attribute: "organizational_uniqueid"
13:40:45 848 LDAP: Sending search result entry "cn=1229212021,ou=ou01,o=organization" to connection 0x75df5e8
13:40:45 848 LDAP: Sending operation result 0:"":"" to connection 0x75df5e8
13:40:45 8FC LDAP: DoSearch on connection 0x75df898
13:40:45 8FC LDAP: Search request:
base: "cn=notes,ou=groups,ou=ou01,o=organization"
scope:0 dereference:3 sizelimit:0 timelimit:0 attrsonly:0
filter: "(objectClass=*)"
attribute: "objectclass"
So that means nobody else has to modify those routines? I'd be very interested in information on that matter.
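An added example, not part of the original post: a small Python parser for the trace format shown above that groups search requests by base, scope and filter and reports those issued more than once, with the time and connection of each. It assumes the untimestamped lines (base, scope, filter, attribute) directly follow their DoSearch line, as in the posted trace; the function names are illustrative.

```python
import re
from collections import defaultdict

# Abridged excerpt of the trace posted above (two of its search requests).
TRACE = """\
13:40:42 2FC LDAP: DoSearch on connection 0x75df9f0
13:40:42 2FC LDAP: Search request:
base: "o=organization"
scope:2 dereference:3 sizelimit:0 timelimit:0 attrsonly:0
filter: "(&(objectclass=inetorgperson)(organizational_uniqueid=1229212021))"
attribute: "organizational_uniqueid"
attribute: "description"
attribute: "organizational_uniqueid"
13:40:44 930 LDAP: DoSearch on connection 0x75df9f0
13:40:44 930 LDAP: Search request:
base: "o=organization"
scope:2 dereference:3 sizelimit:0 timelimit:0 attrsonly:0
filter: "(&(objectclass=inetorgperson)(organizational_uniqueid=1229212021))"
attribute: "description"
attribute: "organizational_uniqueid"
"""

START = re.compile(r"^(\d\d:\d\d:\d\d) \w+ LDAP: DoSearch on connection (0x[0-9a-fA-F]+)")
FIELD = re.compile(r'^(base|filter|attribute): "(.*)"$')

def parse_searches(text):
    """Return one dict per search request found in the trace text."""
    searches = []
    for line in map(str.strip, text.splitlines()):
        if m := START.match(line):
            searches.append({"time": m[1], "conn": m[2], "attrs": []})
        elif searches and (m := FIELD.match(line)):
            if m[1] == "attribute":
                searches[-1]["attrs"].append(m[2])
            else:
                searches[-1][m[1]] = m[2]
        elif searches and line.startswith("scope:"):
            searches[-1]["scope"] = int(line.split()[0].split(":")[1])
    return searches

def repeated(searches):
    """Map (base, scope, filter) to its (time, connection) hits when seen more than once."""
    seen = defaultdict(list)
    for s in searches:
        seen[s.get("base"), s.get("scope"), s.get("filter")].append((s["time"], s["conn"]))
    return {key: hits for key, hits in seen.items() if len(hits) > 1}

if __name__ == "__main__":
    print(repeated(parse_searches(TRACE)))
```

Requested attributes are deliberately left out of the grouping key, so the same filter fetched again with a different attribute list still counts as a repeat; the per-request `attrs` list shows what differed.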