LDAP 搜索使用 DirectoryServices.Protocols 慢 [英] LDAP search using DirectoryServices.Protocols slow

问题描述

我们正在使用 System.DirectoryServices.DirectorySearcher 进行 sAMAccountName 查找.这很好用，只是在查询某个我们怀疑很大的广告时，搜索经常会超时.在做了一些研究之后，我发现使用 System.DirectoryServices.Protocols 的搜索在查询大型 AD 时会更快.我正在尝试使用协议重新创建我们所拥有的内容，看看这是否会对超时产生任何影响.这是目前存在的:

We are using System.DirectoryServices.DirectorySearcher to do sAMAccountName lookups. This works fine except that when querying a certain AD, which we suspect is quite large, the search often times out. After doing a bit of research, I found out that searches using System.DirectoryServices.Protocols can be faster when querying against a large AD. I am trying to recreate what we have using Protocols to see if that will make any difference with the timeouts. This is what's currently there:

Dim Entry As New DirectoryEntry(anLDAPURL, aDomainUserName, aPassword)

Dim obj As Object = Entry.NativeObject 'Force Authentication on Active Directory Server

Dim Filter As String = String.Format("(sAMAccountName={0})", aDomainUserName)

Dim Search As New DirectorySearcher(Entry, Filter)
Search.PropertiesToLoad.Add(SID)
Search.PropertiesToLoad.Add(ACCOUNTISLOCKEDOUT)
Search.PropertiesToLoad.Add(ACCOUNTISDISABLED)

Dim Results As SearchResult = Search.FindOne()

这很好用并且非常快(除了上面提到的超时情况).这就是我试图改变它以便我可以测试它:

This works fine and is very fast (except in the case mentioned above where it times out). And this is what I'm trying to change it to so that I can test it out:

Dim credentials As New System.Net.NetworkCredential(aDomainUserName, aPassword)
Dim directoryIdentifier As New System.DirectoryServices.Protocols.LdapDirectoryIdentifier("ldap-ad.example.org")

Using connection As New System.DirectoryServices.Protocols.LdapConnection(directoryIdentifier, credentials, Protocols.AuthType.Basic)
    Dim attributes() As String = {SID, ACCOUNTISLOCKEDOUT, ACCOUNTISDISABLED}

    Dim search As New System.DirectoryServices.Protocols.SearchRequest(
    "dc=example,dc=org",
    String.Format("(sAMAccountName={0})", aDomainUserName),
    Protocols.SearchScope.Subtree,
    attributes)

    Dim response As System.DirectoryServices.Protocols.SearchResponse = DirectCast(connection.SendRequest(search), System.DirectoryServices.Protocols.SearchResponse)
End Using

上面的代码有效，因为它返回一个结果，但比原来的要慢得多.我怀疑我尝试查询的方式效率低下，但我不太确定应该如何设置它以使其更快.

The above code works, in that it returns a result, but is much slower than the original. I suspect that the way I'm trying to query is inefficient but I'm not too sure on how I should set it up so that it's faster.

推荐答案

我遇到了同样的问题，最终是由于 System.DirectoryServices.Protocols.LdapConnection 中返回结果中的引荐追逐".SendRequest 方法.这是由于没有任何 DNS 条目的假"域名corp.org"(因此 SendRequest 浪费了大量时间对结果进行 DNS 查找).要禁用推荐追踪:

I ran into the same problem which ended up being due to "referral chasing" in the returned results in the System.DirectoryServices.Protocols.LdapConnection.SendRequest method. This was due to a "fake" domain name "corp.org" that didn't have any DNS entries (so SendRequest was wasting lots of time doing DNS lookups on the results). To disable referral chasing:

var conn = new LdapConnection(...);
conn.SessionOptions.ReferralChasing = ReferralChasingOptions.None;

这篇关于LDAP 搜索使用 DirectoryServices.Protocols 慢的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！