Hi,



I use the LDAP C# Libraries to retrieve a large number of users from eDir
and basically put them in a list.

The problem I have is that when I activate ssl for the connection, the
response time increases approximately 100 times.

A query that will return about 17500 users takes ~25 seconds without ssl and
~50 minutes using ssl.



I have tried both the dynamic ssl with
m_Connection.UserDefinedServerCertValidationDelegate += new
CertificateValidationCallback(MySSLHandler), and exporting/importing the
certificate, with no difference.


I have also tried different ways of retrieving and reading the resultset
without any noticeable difference.



This is my original function:



    string[] readAttr = { };
    LdapSearchConstraints cons = new LdapSearchConstraints();
    cons.MaxResults = 0;   // 0 = no limit on the number of results

    // Scope 1 = one level below m_DN; typesOnly = false
    LdapSearchResults results = m_Connection.Search(m_DN, 1,
        "(objectClass=inetOrgPerson)", readAttr, false, cons);

    while (results.hasMore())
    {
        m_Members.Add(new NdsMember(results.next()));
    }



Setting cons.BatchSize = 0; doesn't matter either, nor does using the
LdapSearchQueue function.



I can see in DSTrace that the connection is established with the following
parameters:

09:35:48 B6ED3B90 LDAP: New TLS connection 0x9883d80 from 172.16.69.75:3928, monitor = b6acfb90, index = 1
09:35:48 B6ACFB90 LDAP: Monitor 0xb6acfb90 initiating TLS handshake on connection 0x9883d80
09:35:48 95EEBB90 LDAP: (172.16.69.75:3928)(0x0000:0x00) DoTLSHandshake on connection 0x9883d80
09:35:48 95EEBB90 LDAP: BIO ctrl called with unknown cmd 7
09:35:48 95EEBB90 LDAP: (172.16.69.75:3928)(0x0000:0x00) Completed TLS handshake on connection 0x9883d80
09:35:48 B71D6B90 LDAP: (172.16.69.75:3928)(0x0001:0x60) DoBind on connection 0x9883d80
09:35:48 B71D6B90 LDAP: (172.16.69.75:3928)(0x0001:0x60) Bind name:cn=e,o=ek, version:3, authentication:simple
09:35:48 B71D6B90 LDAP: (172.16.69.75:3928)(0x0001:0x60) Sending operation result 0:"":"" to connection 0x9883d80
09:35:48 B65CAB90 LDAP: (172.16.69.75:3928)(0x0002:0x63) DoSearch on connection 0x9883d80

Where "BIO ctrl called with unknown cmd 7" might be a cause of the problem?
I have been unable to find what it stands for.



When the results are returned, I can see in the trace that after the first
few hundred objects have been returned, the data flow stops for 5 - 25
seconds before the next object is sent.

This pattern continues throughout the resultset and results in the large
response time.



Is there anything else I can do to improve the response time, or do I have
to use another LDAP library?

When I browse the LDAP directory with an LDAP Browser in SSL-mode, it takes
about 25 seconds to open the same container as the query above reads.



Thanks



Rickardh
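
One way to quantify the stalls described in the post is to measure the time between consecutive DSTrace lines of the same connection. The script below is an added example, not part of the original post; it assumes one trace entry per line in the "HH:MM:SS THREADID LDAP: message" layout shown above, and the search-entry lines in its sample are constructed.

```python
import re
from datetime import datetime, timedelta

# DSTrace LDAP line layout as shown in the post: "HH:MM:SS THREADID LDAP: message"
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}) [0-9A-Fa-f]+ LDAP: (.*)$")
CONN_RE = re.compile(r"connection (0x[0-9a-fA-F]+)")

def find_stalls(trace_text, min_gap_seconds=5):
    """Return (connection, prev_time, next_time, gap_seconds) for every pause of
    at least min_gap_seconds between consecutive trace lines of one connection."""
    last_seen = {}
    stalls = []
    for raw in trace_text.splitlines():
        line = LINE_RE.match(raw.strip())
        conn = CONN_RE.search(line.group(2)) if line else None
        if not conn:
            continue  # not an LDAP line, or no connection id on it
        conn_id, stamp = conn.group(1), line.group(1)
        now = datetime.strptime(stamp, "%H:%M:%S")
        if conn_id in last_seen:
            prev_stamp, prev = last_seen[conn_id]
            gap = now - prev
            if gap < timedelta(0):
                gap += timedelta(days=1)  # trace rolled over midnight
            if gap.total_seconds() >= min_gap_seconds:
                stalls.append((conn_id, prev_stamp, stamp, int(gap.total_seconds())))
        last_seen[conn_id] = (stamp, now)
    return stalls

# Constructed sample: the DoSearch line is from the post; the entry lines and
# their message wording are assumptions made up for this example.
SAMPLE_TRACE = """\
09:35:48 B65CAB90 LDAP: (172.16.69.75:3928)(0x0002:0x63) DoSearch on connection 0x9883d80
09:35:49 B65CAB90 LDAP: (172.16.69.75:3928)(0x0002:0x63) Sending entry 301 to connection 0x9883d80
09:35:56 B65CAB90 LDAP: (172.16.69.75:3928)(0x0002:0x63) Sending entry 302 to connection 0x9883d80
09:35:56 B65CAB90 LDAP: (172.16.69.75:3928)(0x0002:0x63) Sending entry 303 to connection 0x9883d80
09:36:19 B65CAB90 LDAP: (172.16.69.75:3928)(0x0002:0x63) Sending entry 304 to connection 0x9883d80
"""

if __name__ == "__main__":
    for conn_id, start, end, gap in find_stalls(SAMPLE_TRACE):
        print(f"{conn_id}: no trace output from {start} to {end} ({gap}s)")
```

Running the same script over a trace of the non-ssl search gives a baseline to compare the gap pattern against.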