python-ldap search_s hanging problem on Linux box

[Michael Ströder]

Tood,

please stay on the python-ldap-dev list (Cc:-ed) so others can learn and
answer as well.

Todd Hanson wrote:
> Michael Ströder [mailto:michael at stroeder.com] wrote:
>> Todd Hanson wrote:
>>> I have a query that was written in python (2.5) utilizing the 
>>> python-ldap package (newest stable version for both Windows and
>>> Linux) to query an Active Directory server for a user's group
>>> membership. The code works fine on my test machine (2-3 seconds for
>>> result) which is Windows based but when I move the code over and
>>> run it on our production Linux (Ubuntu 8.10) server the query hangs
>>> for exactly 5 minutes and then displays the results.
>> 
>> I've also observed strange things like this with MS AD before. I
>> don't know a clear solution. It kind of sounds like a timeout.
>> 
>> One very important thing is to double-check the DNS A and PTR RRs for
>> all systems involved and avoid using DNS aliases (CNAME). This is
>> especially true e.g. for SASL bind requests where I experienced
>> strange problems when using IP address instead of FQDN when binding
>> to AD.
>
> The strange thing is I would expect the delay to come when I'm doing
> the "con.simple_bind_s(user_id, pw)" but that appears to connect
> right away.  The delay comes when I issue the "search_s" command.  If
> it was a DNS or reverse DNS issue I would expect the delay to come on
> the connection or is that a wrong assumption?

Bear in mind that a Windows domain could be part of a forest with trust
relationships etc. So you never know what is resolved internally when
processing a search request. I do not claim to be an AD expert though.

Maybe you could try asking about this particular issue in a
MS-AD-related newsgroup:

news:microsoft.public.windows.server.active_directory

Ciao, Michael.