From: <mi...@st...> - 2002-06-24 09:20:46
Mauro Cicognini wrote:
> I'm glad to announce that I've found the limiting factor for the 5-odd
> seconds delay during binds,

Note that with python-ldap 2.0.0pre04 ldap.initialize() is used in any case which wraps ldap_initialize in the OpenLDAP libs. ldap_initialize() has a slightly different behaviour than ldap_open(). AFAIK it just initializes the LDAP connection context but does not open the LDAP connection. The LDAP connection is opened when doing the first LDAPRequest - no matter which one.

Having said this I'd like to see your test script. You might wanna check if the delay really happens during BindRequest or any first LDAPRequest. Note that LDAPv3 does not require you to send a BindRequest prior to other LDAPRequests.

> By sniffing network traffic I saw that it wasn't LDAP's fault per se. In
> fact, for some reason the current libraries (as opposed to the old UMich
> libs that I used in PythonLDAP 1.x) do a reverse-resolution on the
> server's IP address before attempting to bind, on both DNS _and_ NetBIOS
> (remember I'm dealing with Windows machines here).

Hmm, reverse lookups might make sense when using LDAP over SSL or LDAP with StartTLS to cross-check the server's name with the CN attribute in the subject DN of the server certificate. Since the OpenLDAP 1.x libs did not have any support for SSL/TLS this might be an issue with OpenLDAP 2.x libs. Just thoughts, not sure though...

> Note that the I passed the LDAP server's address as a DNS name, and that
> the IP address was correctly resolved by my DNS server.

Can you please try to use the IP address directly and check if the same behaviour happens?

> Anyhow, the
> client always tries to find the NetBIOS name of the server machine, and
> this was what caused the delay, since my LDAP server is behind a
> firewall which is configured to disallow NetBIOS queries (the client
> tries 3 times the query, then gives up). Once I let NetBIOS-ns through
> (UDP port 137) the delay disappeared.
> [..]
> I can tell that it isn't Windows fault, at least:

I'm not sure if that conclusion is right.

1. I remember reverse lookup problems with various software on Windows. (Therefore your observation is very interesting for other things too.)

2. I can't imagine why the OpenLDAP 2 libs should explicitly do reverse NETBIOS lookups other than using a default parameter somewhere which causes that.

Now how's the behaviour on Windows with the normal OpenLDAP tools ldapsearch, etc.?

Ciao, Michael.