1

I use ASP Classic to authenticate a user with LDAP. There are about 10 000 accounts in the LDAP and the authentication check in ASP is quite slow (15 seconds).

I used the LDP tool (from Microsoft) on the same server and everything (connection, binding and search) is fast.

Here's my code. I tried 3 different options and had the same results:

Using SQL instructions:

```vbscript
' Open the ADSI OLE DB provider with the credentials supplied by the user
Dim oConn: Set oConn = Server.CreateObject("ADODB.Connection")
oConn.Provider = "ADsDSOOBJECT"
oConn.Properties("User ID") = Username
oConn.Properties("Password") = Password
oConn.Properties("Encrypt Password") = True
oConn.Open "DS Query", Username, Password
' SQL-dialect query for the user's own entry
Dim Query: Query = "SELECT sAMAccountName FROM 'LDAP://ldap.mydomain.com/CN=" & Username & ",CN=Users' WHERE objectCategory = 'person' AND objectClass='user' AND SAMAccountName = '" & Username & "' "
Dim oCmd: Set oCmd = Server.CreateObject("ADODB.Command")
Set oCmd.ActiveConnection = oConn
oCmd.CommandText = Query
Dim oRs: Set oRS = oCmd.Execute
If oRS.BOF Or oRS.EOF Then
    ' Authentication failed
Else
    ' Authentication passed
End If
...
```

Using LDAP instructions:

```vbscript
' Open the ADSI OLE DB provider with the credentials supplied by the user
Dim oConn: Set oConn = Server.CreateObject("ADODB.Connection")
oConn.Provider = "ADsDSOOBJECT"
oConn.Properties("User ID") = Username
oConn.Properties("Password") = Password
oConn.Properties("Encrypt Password") = True
oConn.Open "DS Query", Username, Password
' LDAP-dialect query: <base>;(filter);attributes;scope
Dim Query: Query = "<LDAP://ldap.mydomain.com>;(samAccountName=" & Username & ");samAccountName;subtree"
Dim oCmd: Set oCmd = Server.CreateObject("ADODB.Command")
Set oCmd.ActiveConnection = oConn
oCmd.CommandText = Query
Dim oRs: Set oRS = oCmd.Execute
If oRS.BOF Or oRS.EOF Then
    ' Authentication failed
Else
    ' Authentication passed
End If
...
```

Using IADs objects:

```vbscript
Dim DSODomaine
Dim DSOContainer

On Error Resume Next

' Bind directly with the user's credentials; a failed bind raises an error
Set DSODomaine = GetObject("LDAP:")
Set DSOContainer = DSODomaine.OpenDSObject("LDAP://ldap.mydomain.com", Username, Password, ADS_SECURE_AUTHENTICATION + ADS_SERVER_BIND)

If Err.Number <> 0 Then
    ' Authentication failed
Else
    ' Authentication passed
End If
...
```

The 3 examples are all slow. What could I do to improve performance using ASP Classic?

4

1 Answer

0

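Old thread, but you can include the port in the address, LDAP://ldap.mydomain.com:389 - this should speed up your query.

Later edit - if your problem is exactly a 15-second delay, this will help:

Windows tries to retrieve new CRLs (certificate revocation lists) from its own servers and from third-party servers. This appears to time out at exactly 15 seconds. It can happen if the machine is isolated or cannot reach these resources over the Internet (blocked/firewalled, slow connection, etc.).

If your CA/certificates are already available on the web server, you could try lowering the timeout to see whether it fixes the problem?

We only had to perform the following steps on the Vault Server:

  1. Launch gpedit.msc -> Local Computer Policy -> Computer Configuration -> Administrative Templates -> System -> Internet Communication Management -> Internet Communication settings -> Turn off Automatic Root Certificates Update = Enabled

  2. Launch gpedit.msc -> Local Computer Policy -> Computer Configuration -> Windows Settings -> Security Settings -> Public Key Policies -> Certificate Path Validation Settings. Select the tab "Network Retrieval" and enable "Define these policy settings". Unselect "Automatically update root...". Most importantly, set the timeout values to 1.

Answered 2021-08-17T14:58:51.317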
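
A read-only way to record the state of the two policies named in the answer and to time a bind before and after changing them. This is an added example, not part of the original answer. The registry paths and value names are assumptions about where these Group Policy settings are stored (verify them on the target machine), and `Get-PolicyValue` and `Measure-LdapBind` are hypothetical helper names.

```powershell
# Added example: audits the settings only, changes nothing.
# Registry locations below are assumptions, not taken from the page.
Add-Type -AssemblyName System.DirectoryServices

$root = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates'
$checks = @(
    @{ Policy = 'Turn off Automatic Root Certificates Update'
       Path = "$root\AuthRoot"; Name = 'DisableRootAutoUpdate'; Unit = '(1 = enabled)' },
    @{ Policy = 'Default URL retrieval timeout'
       Path = "$root\ChainEngine\Config"; Name = 'ChainUrlRetrievalTimeoutMilliseconds'; Unit = 'ms' },
    @{ Policy = 'Cumulative path validation retrieval timeout'
       Path = "$root\ChainEngine\Config"; Name = 'ChainRevAccumulativeUrlRetrievalTimeoutMilliseconds'; Unit = 'ms' }
)

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # $null means the key or value is absent, i.e. the policy is not configured
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Measure-LdapBind {
    param([string]$AdsPath)
    # Times one bind using the identity of the account running this script
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    $ok = $true
    try {
        $entry = New-Object System.DirectoryServices.DirectoryEntry($AdsPath)
        [void]$entry.NativeObject          # reading NativeObject forces the bind
    } catch {
        $ok = $false
    } finally {
        $sw.Stop()
    }
    [pscustomobject]@{ Path = $AdsPath; Succeeded = $ok; Seconds = [math]::Round($sw.Elapsed.TotalSeconds, 2) }
}

foreach ($c in $checks) {
    $value = Get-PolicyValue -Path $c.Path -Name $c.Name
    $shown = 'not configured'
    if ($null -ne $value) { $shown = "$value $($c.Unit)" }
    [pscustomobject]@{ Policy = $c.Policy; Value = $shown }
}

# Host name is the one used in the question; a result near 15 s matches the delay described
Measure-LdapBind -AdsPath 'LDAP://ldap.mydomain.com:389'
```

Run it under the same account as the IIS application pool, since the answer's settings are machine policy but the bind identity affects the timing.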