clarify ldap schema calls #655
Comments
I did some tests on the current master (070c4b3) with
What do you think?
I believe that all the ldap schema queries are made by the ldap3.Server() call in our ldapresolver module's get_server_pool method when the passed get_info is ldap3.SCHEMA.
PrivacyIDEA has tried to optimize this with the ability to pass get_info with ldap3.NONE (no schema query). However, not all calls of get_server_pool pass get_info=ldap3.NONE, and the default value for get_info in get_server_pool is ldap3.SCHEMA, therefore the ldap schema queries are still made. For example in the _bind call etc.
My request is to make ldap3.NONE the default value of get_info for get_server_pool, if that is also sensible for you and @cornelinux. In my environments, the ldap schema queries have zero effect, and sometimes are not even allowed by the ldap servers.
I think we have multiple questions here:
So, to reduce the number of schema queries, we should reduce the number of LDAP connections, for which I opened #664. For use cases that need schema information, I guess it makes sense to optimize the number of calls to
Previously, `refresh_server_info` was called for `open()`, `start_tls()` and `bind()`. With this patch, it is only called for `bind()`. See privacyidea#655.
This can be used to tune the performance of LDAP connections. This commit adds a new NOSCHEMAS configuration option, but does not add it to the web interface (yet). See #655.
I also find that the schema queries are still remaining in most operations...
Would it be sensible in your opinion to have the ldap3.NONE as the default behavior for get_serverpool method instead? @quynh-axiadids (taken from #650)
ldap3 version 2.2.1