| Author |
Message |
Pradnyesh Rane
Guest
|
 Posted:
Fri Jan 14, 2005 9:08 am Post subject:
Active Directory multiple simultaneous binds on same ldap co |
|
|
Hi All,
We have a multithreaded application that may make simultaneous binds
[ldap_simple_bind] using the same ldap [not ADSI] connection to
authenticate users. We recently observed the following error in our
logs.
LdapErr: DSID-0C060454, comment: Only one outstanding bind per
connection allowed, data 0, v893
Has anybody seen this error before?
Is this documented somewhere? Is there a way to tune the number of
outstanding binds per connection.
I found the following article in the MS knowledge base that seems to
indicate that multiple binds on the same connection are allowed and
there was a bug fixed in that area.
http://support.microsoft.com/kb/289644/EN-US/
However I also found the following article in MSDN that states that
"Most LDAP calls are thread safe even when sharing the same connection
handle. The one exception is the LDAP bind. Do not attempt LDAP binds
simultaneously from two threads using the same connection."
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnactdir/html/BuildingADApps.asp
Can someone please clarify.
Thanks & Regards,
Pradnyesh Rane |
|
| Back to top |
|
 |
Joe Kaplan (MVP - ADSI)
Guest
|
| Posted:
Fri Jan 14, 2005 11:39 am Post subject:
Re: Active Directory multiple simultaneous binds on same lda |
|
|
Are you using Fast Concurrent Binding (LDAP_OPT_FAST_CONCURRENT_BIND)?
Joe K.
"Pradnyesh Rane" <pradnyesh@eudoramail.com> wrote in message
news:75211d2a.0501131908.30532556@posting.google.com...
| Quote: | Hi All,
We have a multithreaded application that may make simultaneous binds
[ldap_simple_bind] using the same ldap [not ADSI] connection to
authenticate users. We recently observed the following error in our
logs.
LdapErr: DSID-0C060454, comment: Only one outstanding bind per
connection allowed, data 0, v893
Has anybody seen this error before?
Is this documented somewhere? Is there a way to tune the number of
outstanding binds per connection.
I found the following article in the MS knowledge base that seems to
indicate that multiple binds on the same connection are allowed and
there was a bug fixed in that area.
http://support.microsoft.com/kb/289644/EN-US/
However I also found the following article in MSDN that states that
"Most LDAP calls are thread safe even when sharing the same connection
handle. The one exception is the LDAP bind. Do not attempt LDAP binds
simultaneously from two threads using the same connection."
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnactdir/html/BuildingADApps.asp
Can someone please clarify.
Thanks & Regards,
Pradnyesh Rane |
|
|
| Back to top |
|
|
Pradnyesh Rane
Guest
|
| Posted:
Sat Jan 15, 2005 4:14 am Post subject:
Re: Active Directory multiple simultaneous binds on same lda |
|
|
We have not set the fast bind option since we are running against Active
Directory 2000. The fast bind option is only available on Active
Directory.NET [2003].
Thanks & Regards,
Pradnyesh
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:#18Fntf#EHA.4004@tk2msftngp13.phx.gbl...
| Quote: | Are you using Fast Concurrent Binding (LDAP_OPT_FAST_CONCURRENT_BIND)?
Joe K.
"Pradnyesh Rane" <pradnyesh@eudoramail.com> wrote in message
news:75211d2a.0501131908.30532556@posting.google.com...
Hi All,
We have a multithreaded application that may make simultaneous binds
[ldap_simple_bind] using the same ldap [not ADSI] connection to
authenticate users. We recently observed the following error in our
logs.
LdapErr: DSID-0C060454, comment: Only one outstanding bind per
connection allowed, data 0, v893
Has anybody seen this error before?
Is this documented somewhere? Is there a way to tune the number of
outstanding binds per connection.
I found the following article in the MS knowledge base that seems to
indicate that multiple binds on the same connection are allowed and
there was a bug fixed in that area.
http://support.microsoft.com/kb/289644/EN-US/
However I also found the following article in MSDN that states that
"Most LDAP calls are thread safe even when sharing the same connection
handle. The one exception is the LDAP bind. Do not attempt LDAP binds
simultaneously from two threads using the same connection."
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnactdir/ht |
ml/BuildingADApps.asp
| Quote: |
Can someone please clarify.
Thanks & Regards,
Pradnyesh Rane
|
|
|
| Back to top |
|
|
Joe Kaplan (MVP - ADSI)
Guest
|
| Posted:
Sat Jan 15, 2005 5:23 am Post subject:
Re: Active Directory multiple simultaneous binds on same lda |
|
|
My understanding is that you are only supposed to bind once per connection
unless you are using FCB under 2003. You might consider doing a new
connection for each bind or implementing some sort of pool if you are
worried about running out of TCP ports.
I'm not really the expert on this, so perhaps someone from MS will weigh in.
It sounds like you are trying to do authentication to AD. Have you
considered using the SSPI API instead? That's what its for.
Joe K.
"Pradnyesh Rane" <pradnyesh@eudoramail.com> wrote in message
news:eLeSr3o%23EHA.2316@TK2MSFTNGP15.phx.gbl...
| Quote: | We have not set the fast bind option since we are running against Active
Directory 2000. The fast bind option is only available on Active
Directory.NET [2003].
Thanks & Regards,
Pradnyesh
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:#18Fntf#EHA.4004@tk2msftngp13.phx.gbl...
Are you using Fast Concurrent Binding (LDAP_OPT_FAST_CONCURRENT_BIND)?
Joe K.
"Pradnyesh Rane" <pradnyesh@eudoramail.com> wrote in message
news:75211d2a.0501131908.30532556@posting.google.com...
Hi All,
We have a multithreaded application that may make simultaneous binds
[ldap_simple_bind] using the same ldap [not ADSI] connection to
authenticate users. We recently observed the following error in our
logs.
LdapErr: DSID-0C060454, comment: Only one outstanding bind per
connection allowed, data 0, v893
Has anybody seen this error before?
Is this documented somewhere? Is there a way to tune the number of
outstanding binds per connection.
I found the following article in the MS knowledge base that seems to
indicate that multiple binds on the same connection are allowed and
there was a bug fixed in that area.
http://support.microsoft.com/kb/289644/EN-US/
However I also found the following article in MSDN that states that
"Most LDAP calls are thread safe even when sharing the same connection
handle. The one exception is the LDAP bind. Do not attempt LDAP binds
simultaneously from two threads using the same connection."
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnactdir/ht
ml/BuildingADApps.asp
Can someone please clarify.
Thanks & Regards,
Pradnyesh Rane
|
|
|
| Back to top |
|
|
Joe Richards [MVP]
Guest
|
| Posted:
Sat Jan 15, 2005 6:31 am Post subject:
Re: Active Directory multiple simultaneous binds on same lda |
|
|
You can bind multiple times on a single connection, however, it is not thread
safe. All of the binds should be sent through a single thread in a consecutive
manner or multiple connections should be used with each sending binds
consecutively. You are changing the security context of the connection each time
you do it.
The LDAP_OPT_FAST_CONCURRENT_BIND supposedly will allow concurrent binds (hence
the name) however I haven't had a chance to try it out to say for sure; it is
interesting though that the online docs don't mention it as an exception to the
thread safeness of ldap_bind. Obviously if you are on Windows 2000 you can't use
that. It requires the Windows 2003 client and server sides.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Joe Kaplan (MVP - ADSI) wrote:
| Quote: | My understanding is that you are only supposed to bind once per connection
unless you are using FCB under 2003. You might consider doing a new
connection for each bind or implementing some sort of pool if you are
worried about running out of TCP ports.
I'm not really the expert on this, so perhaps someone from MS will weigh in.
It sounds like you are trying to do authentication to AD. Have you
considered using the SSPI API instead? That's what its for.
Joe K.
"Pradnyesh Rane" <pradnyesh@eudoramail.com> wrote in message
news:eLeSr3o%23EHA.2316@TK2MSFTNGP15.phx.gbl...
We have not set the fast bind option since we are running against Active
Directory 2000. The fast bind option is only available on Active
Directory.NET [2003].
Thanks & Regards,
Pradnyesh
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:#18Fntf#EHA.4004@tk2msftngp13.phx.gbl...
Are you using Fast Concurrent Binding (LDAP_OPT_FAST_CONCURRENT_BIND)?
Joe K.
"Pradnyesh Rane" <pradnyesh@eudoramail.com> wrote in message
news:75211d2a.0501131908.30532556@posting.google.com...
Hi All,
We have a multithreaded application that may make simultaneous binds
[ldap_simple_bind] using the same ldap [not ADSI] connection to
authenticate users. We recently observed the following error in our
logs.
LdapErr: DSID-0C060454, comment: Only one outstanding bind per
connection allowed, data 0, v893
Has anybody seen this error before?
Is this documented somewhere? Is there a way to tune the number of
outstanding binds per connection.
I found the following article in the MS knowledge base that seems to
indicate that multiple binds on the same connection are allowed and
there was a bug fixed in that area.
http://support.microsoft.com/kb/289644/EN-US/
However I also found the following article in MSDN that states that
"Most LDAP calls are thread safe even when sharing the same connection
handle. The one exception is the LDAP bind. Do not attempt LDAP binds
simultaneously from two threads using the same connection."
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnactdir/ht
ml/BuildingADApps.asp
Can someone please clarify.
Thanks & Regards,
Pradnyesh Rane
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in