Re: Active Directory multiple simultaneous binds on same ldap connection
From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 01/15/05
- Next message: Cary Shultz [A.D. MVP]: "Re: Changing password expiring notification duration"
- Previous message: Cary Shultz [A.D. MVP]: "Re: BDC Promotion"
- In reply to: Joe Kaplan \(MVP - ADSI\): "Re: Active Directory multiple simultaneous binds on same ldap connection"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 14 Jan 2005 19:31:40 -0500
You can bind multiple times on a single connection, however, it is not thread
safe. All of the binds should be sent through a single thread in a consecutive
manner or multiple connections should be used with each sending binds
consecutively. You are changing the security context of the connection each time
you do it.
The LDAP_OPT_FAST_CONCURRENT_BIND supposedly will allow concurrent binds (hence
the name) however I haven't had a chance to try it out to say for sure; it is
interesting though that the online docs don't mention it as an exception to the
thread safeness of ldap_bind. Obviously if you are on Windows 2000 you can't use
that. It requires the Windows 2003 client and server sides.
joe
-- Joe Richards Microsoft MVP Windows Server Directory Services www.joeware.net Joe Kaplan (MVP - ADSI) wrote: > My understanding is that you are only supposed to bind once per connection > unless you are using FCB under 2003. You might consider doing a new > connection for each bind or implementing some sort of pool if you are > worried about running out of TCP ports. > > I'm not really the expert on this, so perhaps someone from MS will weigh in. > > It sounds like you are trying to do authentication to AD. Have you > considered using the SSPI API instead? That's what its for. > > Joe K. > "Pradnyesh Rane" <pradnyesh@eudoramail.com> wrote in message > news:eLeSr3o%23EHA.2316@TK2MSFTNGP15.phx.gbl... > >>We have not set the fast bind option since we are running against Active >>Directory 2000. The fast bind option is only available on Active >>Directory.NET [2003]. >> >>Thanks & Regards, >>Pradnyesh >> >>"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote >>in message news:#18Fntf#EHA.4004@tk2msftngp13.phx.gbl... >> >>>Are you using Fast Concurrent Binding (LDAP_OPT_FAST_CONCURRENT_BIND)? >>> >>>Joe K. >>> >>>"Pradnyesh Rane" <pradnyesh@eudoramail.com> wrote in message >>>news:75211d2a.0501131908.30532556@posting.google.com... >>> >>>>Hi All, >>>> >>>>We have a multithreaded application that may make simultaneous binds >>>>[ldap_simple_bind] using the same ldap [not ADSI] connection to >>>>authenticate users. We recently observed the following error in our >>>>logs. >>>> >>>>LdapErr: DSID-0C060454, comment: Only one outstanding bind per >>>>connection allowed, data 0, v893 >>>> >>>>Has anybody seen this error before? >>>> >>>>Is this documented somewhere? Is there a way to tune the number of >>>>outstanding binds per connection. >>>> >>>> >>>>I found the following article in the MS knowledge base that seems to >>>>indicate that multiple binds on the same connection are allowed and >>>>there was a bug fixed in that area. >>>> >>>>http://support.microsoft.com/kb/289644/EN-US/ >>>> >>>> >>>>However I also found the following article in MSDN that states that >>>>"Most LDAP calls are thread safe even when sharing the same connection >>>>handle. The one exception is the LDAP bind. Do not attempt LDAP binds >>>>simultaneously from two threads using the same connection." >>>> >>>> >> >>http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnactdir/ht >>ml/BuildingADApps.asp >> >>>> >>>> >>>>Can someone please clarify. >>>> >>>>Thanks & Regards, >>>>Pradnyesh Rane >>> >>> >> > >
- Next message: Cary Shultz [A.D. MVP]: "Re: Changing password expiring notification duration"
- Previous message: Cary Shultz [A.D. MVP]: "Re: BDC Promotion"
- In reply to: Joe Kaplan \(MVP - ADSI\): "Re: Active Directory multiple simultaneous binds on same ldap connection"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
Loading
