Skip to Content.
Sympa Menu

devel - LDAP queries

Subject: Developers of Sympa

List archive

Chronological Thread  
  • From: John Douglass <address@concealed>
  • To: address@concealed
  • Subject: LDAP queries
  • Date: Wed, 27 Mar 2002 13:49:09 -0500

Sympa-Dev,

I am running 3.3.4b and have configured LDAP as a data source for a list.

I noticed that when logged in as listmaster and I go to "Your Subscriptions" tab, there was a delay because wwsympa looks like it did an LDAP query on the one list that utilized LDAP.

For clarification, the "Inclusions timeout (ttl)" is the amount of time that the data can be "stagnant" before a requery occurs, but does not query again unless the list is utilized in some way yes? Is the listing of lists considered a "utilization"?

If so, then it might be better to not query LDAP unless you go INTO the list or the list is utilized (mail etc.) Having the query on the displaying of the list of lists (and you have multiple LDAP pulls) could cause a potential timeout if the multiple queries it executes takes a long time.

Also, I moved all my Net::LDAP->new() calls to Net::LDAPS->new() (because we don't allow access to the password field unless it's over SSL and I'm using the auth.conf capabilities which are GREAT!!! Kudos!). A flag test from sympa.conf might be useful to others. (ldap_ssl=1)

Something like:

sympa.conf:

ldap_ssl = 1;
ldap_ssl_version = 'sslv3';
ldap_ssl_ciphers = 'MEDIUM:HIGH';

Anywhere that a new ldap object is created:

if ($Conf{'ldap_ssl'})
{
$ldap=Net::LDAPS->new($host,timeout => $ldap->{'timeout'}, sslversion => $Conf{'ldap_ssl_version'}, ciphers => $Conf{'ldap_ssl_ciphers'});
# at least 128-bit! :) 40-bit is so last season
}
else
{
$ldap=Net::LDAP->new($host,timeout => $ldap->{'timeout'});
}

The other LDAP calls work just fine from the $ldap object.

Thanks Sympa team!
- John Douglass, Georgia Institute of Technology




  • LDAP queries, John Douglass, 03/27/2002

Archive powered by MHonArc 2.6.19+.

Top of Page