opening a connection with more than a single server

Michael Ströder michael at stroeder.com
Thu May 2 17:53:21 CEST 2002


Jens Vagelpohl wrote:
>> 1. change the docs and pass string-parameter _host_ to OpenLDAP's 
>> ldap_open() function and drop parameter _port_ or
> 
> the space-separated host list was only used in place of the first argument,
>  "host". i am not sure if you were still able to pass a "port" parameter 
> or what would happen if you did.

Jens, can you please tell us exactly what the declaration of 
ldap.open() should look like and what the behaviour should be?

I've changed the declaration and behaviour according to your 
inquiry because you complained about an incompatible change 
(review thread "signature of ldap.open changed?" started by you).

> comply to which docs? the docs that came with python-ldap 1.10?

The docs weren't changed since 1.x for ldap.open().

> i have a
> feeling that the author might not have realized that you can send 
> space-separated host names in the "host" portion of the argument list.

It's very likely that David did not know about the space-separated 
multiple host feature. I'm not even sure if it was available in 
OpenLDAP 1.x or Netscape 3 libs. But he defined the ldap.open() 
function's interface and old code might be using it.

As I understood your former inquiry you relied on this old 
behaviour of ldap.open(). Now you're requesting a change.

>> I did that in former versions of web2ldap but dropped support for 
>> python-ldap 1.x because it's getting too complex if you want to do 
>> that completely (referrals, etc.). Also python-ldap does not support 
>> LDAPv3 which has some serious implications if you take RFC2251 ff. 
>> seriously (e.g. character set T.61 for LDAPv2 instead of UTF-8).
> 
> well, my products lack the complexity to really be worried about that. 

Not caring about the complexity does not mean the complexity isn't 
there...

>> Yes, you have to try a LDAPRequest and catch ldap.SERVER_DOWN.
> 
> is there a suitable and simple LDAP request that would work on most 
> servers without knowing what the tree looks like?

Read RootDSE on LDAPv3 servers. Well, that means you have to know 
the protocol version. Also the node of the search root has to be 
existent.

But IMHO you're thinking the wrong way: Just try the LDAPRequest, 
catch ldap.SERVER_DOWN, re-connect/-bind and re-try same 
LDAPRequest if necessary.

>>> never experimented with long-lived connections. i am all for 
>>> improving performance,
>>
>> Well, if you're after performance you should work with persistent 
>> connections. Especially for web2ldap it was a great performance boost 
>> since web2ldap does a lot of special stuff after establishing the 
>> connection. Doing this for each request is a performance nightmare. 
>> Think of negotiating LDAP protocol version, evaluating RootDSE 
>> attributes, more complex bind operations, etc.
> 
> well, again, my products lack that kind of complexity...

Are you sure? ;-)

> i connect, i bind, i might rebind as someone else, i read and i write. 
> then i disconnect. 
> nothing exotic really.

Not exotic but too many LDAPRequests to be a light-weight 
authenticating process. Also think of the costs when doing a 
connect, especially SSL/TLS connection establishment.

Ciao, Michael.
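
The retry pattern from the message above (try the request, catch ldap.SERVER_DOWN, re-connect, re-bind, retry), as an added example that is not part of the original post or of python-ldap. `RetryingConnection`, `FakeServer`, `demo` and the host names are hypothetical; the re-bind happens before the retry because a fresh connection is anonymous until bound.

```python
try:
    from ldap import SERVER_DOWN          # real exception when python-ldap is installed
except ImportError:
    class SERVER_DOWN(Exception):
        """Stand-in so the sketch runs without python-ldap."""

class RetryingConnection:                 # hypothetical wrapper, not a python-ldap class
    def __init__(self, hosts, connect, who, cred):
        self.hosts, self.connect = list(hosts), connect   # connect: callable(host)
        self.who, self.cred, self.conn, self.host = who, cred, None, None

    def _reconnect(self):
        self.conn = self.host = None
        for host in self.hosts:           # tried in order, like the space-separated list
            try:
                conn = self.connect(host)
                conn.simple_bind_s(self.who, self.cred)   # new connection is anonymous
            except SERVER_DOWN:
                continue
            self.conn, self.host = conn, host
            return
        raise SERVER_DOWN("no server reachable")

    def call(self, method, *args):
        """Send one request; on SERVER_DOWN reconnect, re-bind and retry it once."""
        if self.conn is None:
            self._reconnect()
        try:
            return getattr(self.conn, method)(*args)
        except SERVER_DOWN:
            self._reconnect()
            return getattr(self.conn, method)(*args)

class FakeServer:                         # constructed test double for the demo
    def __init__(self, host, up):
        self.host, self.up, self.bound_as = host, up, None
    def simple_bind_s(self, who, cred):
        if not self.up[self.host]:
            raise SERVER_DOWN(self.host)
        self.bound_as = who
    def whoami_s(self):
        if not self.up[self.host]:
            raise SERVER_DOWN(self.host)
        return "dn:" + self.bound_as

def demo():
    up = {"ldap1.example": True, "ldap2.example": True}   # constructed server states
    rc = RetryingConnection(list(up), lambda h: FakeServer(h, up), "cn=app", "secret")
    first = (rc.call("whoami_s"), rc.host)
    up["ldap1.example"] = False           # first server goes away mid-session
    return first, (rc.call("whoami_s"), rc.host)
```

With python-ldap installed, `connect` could be a function that calls `ldap.initialize()` on an `ldap://` URL built from the host.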




