ldap_user_import utility improvements?

[Lyonel]

Hi,

Following issues with the ldap user import utility, I had a look a the source code to try and determine the source of the problem. It turns out it is proxy related. So my question is the following: once you get the list of profiles from the AD, you have a loop that checks if the user already exists and the update or create. Instead of opening a connection, updating / creating a user profile and closing the connection every time you call a web method on the API, would it be possible to open a single connection and close it upon completion or error? 

The reason I am asking is because the current method generates a lot of login / logout for, from my perspective, no real reasons.

What do you think?

Thanks,

Lyonel

[TrevorKillick]

Hi Lyonel

There is no login / out as we use API keys once the first API call establishes a session a session cookie is set and used throughout the process. When we enable HTTP/2.0 on our API endpoint the process will automatically create one HTTP connection and use this though out the import.

Can you let me know why login  / logouts you are noticing?

Kind Regards

Trevor Killick 

[Lyonel]

Sure (sorry you saw you reply today only!)

See below a Wire shark trace I ran whilst I was running the interface.

Also, looking at the source code on github, I believe (although not an export in Go) that you do loop for each user onto a method in which you login/logout?

processUsers then call in another loop updateUser:

and finally in updateUser, you reset the connection every time, no?

[TrevorKillick]

Hi @Lyonel

We create a new connection in Go Lang inside the loop for concurrency so this can run in parallel, when we create a new connection there is no login what happens here is we call admin::userUpdate and pass the API key in the payload, the Server checks this API and sees that we already have a valid session (This would have been created when the first API call hits carrying the API Key and is valid for a certain amount of time), and allows the API call to process. 

So we do create a new XMLMC Class every time the loop runs but this does not call an additional Login / Logouts, due to our XMLMC endpoint not yet supporting HTTP/2.0 it will use multiple TCP/IP connections while doing this, once we enable HTTP/2.0 in the future this will all get pipelined down 1 TCP/IP connection. 

Kind Regards

Trevor Killick

[Lyonel]

Ah! For some reason I thought you did support HTTP/2.0 which is why I was mislead. My bad

Great explanation though @TrevorKillick, thanks so much for your time and patience.

[TrevorKillick]

Hi @Lyonel

Oddly enough we did for about 3 days then we noticed an issue with out iOS Applications and had to revert back.

Not a problem, alway nice for a customer to dive into our Open Source Tools and question our methodology. 

Kind Regards

Trevor Killick