We’re using LDAP to authenticate users. The other side of the LDAP pipe is a very large Active Directory implementation. We’re finding that the authentication query is taking too long (15 seconds and longer).
Here’s a representation of what we’re doing:
ldap://ldap.myco.com/DN?dc=myco,dc=com??sub?(sAMAccountName=John)
What is the best way to accomplish this in a way that will work well for any giant AD implementation?
Thanks!
sAMAccountName is definitely indexed, although your search also includes computers and groups. You could further qualify it with
(&(objectCategory=person)(objectClass=user)(samAccountName={0})).
The bigger question is why are you doing the search to begin with? If all you want to do is check a username and password via LDAP bind, do a bind to LDAP://DC=myco,DC=com and access myDirectoryEntry.NativeObject. If it throws an exception you have a problem.
Also, what is “ldap.myco.com”? Is that a load balancer? Is it the name of your domain? You should be able to do a serverless bind here…
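The bind-only check and the qualified filter from the answer above, as an added C# example that is not part of the original thread. The class and method names are hypothetical, it assumes System.DirectoryServices on a Windows host that can locate a domain controller for myco.com, and it escapes the account name per RFC 4515 before substituting it for {0}.

```csharp
using System.DirectoryServices;
using System.Runtime.InteropServices;
using System.Text;

static class AdAuth // hypothetical helper, not from the thread
{
    // HRESULT_FROM_WIN32(ERROR_LOGON_FAILURE): wrong user name or password.
    const int LogonFailure = unchecked((int)0x8007052E);

    // RFC 4515 escaping so a user-supplied name cannot change the filter's structure.
    static string EscapeFilterValue(string value)
    {
        var sb = new StringBuilder(value.Length);
        foreach (char c in value)
        {
            switch (c)
            {
                case '\\': sb.Append(@"\5c"); break;
                case '*':  sb.Append(@"\2a"); break;
                case '(':  sb.Append(@"\28"); break;
                case ')':  sb.Append(@"\29"); break;
                case '\0': sb.Append(@"\00"); break;
                default:   sb.Append(c); break;
            }
        }
        return sb.ToString();
    }

    // The qualified filter from the answer, for callers that do need a search.
    public static string BuildUserFilter(string samAccountName) =>
        string.Format("(&(objectCategory=person)(objectClass=user)(samAccountName={0}))",
                      EscapeFilterValue(samAccountName));

    // Bind-only check: no search is issued, and the serverless path lets
    // the DC locator choose a domain controller.
    public static bool CheckCredentials(string user, string password)
    {
        // An LDAP simple bind with an empty password is an unauthenticated
        // bind (RFC 4513) and can succeed, so reject it before binding.
        if (string.IsNullOrEmpty(password)) return false;
        try
        {
            using (var entry = new DirectoryEntry("LDAP://DC=myco,DC=com", user,
                                                  password, AuthenticationTypes.Secure))
                return entry.NativeObject != null; // reading NativeObject forces the bind
        }
        // Only a logon failure means "bad credentials"; an unreachable
        // directory or other error propagates to the caller instead.
        catch (COMException ex) when (ex.ErrorCode == LogonFailure) { return false; }
    }
}
```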