Could this be happening because the directory server is returning a search result with a continuation reference? I have been hitting the server with a java program, and have seen that it is returning a search result with one (valid) entry, for the user, but there is also a continuation reference of "" coming back as part of that result. Now looking into this, this is supposed to happen when you do a search against Active Directory which crosses domains, and you are not hitting an Active Directory Catalog Master (basically an instance of the server which has not been set up a catalog master, having multi-domain information). I am definitely hitting a catalog master, but it is still returning the "" continuation, so something weird is going on. My hunch, in any case (and I may be completely off) is that maybe LDAPUserfolder does not know what to do with the continuation reference. Could this be it? Jens Vagelpohl wrote:
if you know how to use the python debugger you could step through the code (starting in the validate method) to determine exactly where the lag is. strategically placed logging (print statements, logging calls) would also help.
jens
On Monday, Nov 25, 2002, at 18:14 US/Eastern, Colin Sampaleanu wrote:
Brad Clements wrote:
On 25 Nov 2002 at 17:07, Colin Sampaleanu wrote:
Unfortunately I am not running LDAP on the same machine. I did consider the fact that perhaps this was the same issue, but the machine appears responsive otherwise. What is interesting is that after about 10 minutes it _does_ come back, saying that the user/credentials are not value. So LDAPUserFolder does not necessarilly think it has a problem, it just thinks there is an authenticaiton issue. Of course I would say if it takes 10 minutes there is a sever problem somewhere, never mind the fact that the authentication should work..
Sounds like there is a firewall between the two systems, configured to drop packets rather than generate an ICMP port unreachable response.
ipchains in the way?
No, they're on the same subnet, can can see each other fine. And python-ldap comes back from the query immediately, so there is no real ldap issue as far as I can tell, it is some sort of problem between LDAPUserFolder and python-ldap, more likely, or the way the LDAPUserFolder is doing its lookups...