Jump to content

ldap_user_import utility improvements?

Recommended Posts


Following issues with the ldap user import utility, I had a look a the source code to try and determine the source of the problem. It turns out it is proxy related. So my question is the following: once you get the list of profiles from the AD, you have a loop that checks if the user already exists and the update or create. Instead of opening a connection, updating / creating a user profile and closing the connection every time you call a web method on the API, would it be possible to open a single connection and close it upon completion or error? 

The reason I am asking is because the current method generates a lot of login / logout for, from my perspective, no real reasons.

What do you think?



Link to comment
Share on other sites

Hi Lyonel

There is no login / out as we use API keys once the first API call establishes a session a session cookie is set and used throughout the process. When we enable HTTP/2.0 on our API endpoint the process will automatically create one HTTP connection and use this though out the import.

Can you let me know why login  / logouts you are noticing?

Kind Regards

Trevor Killick 

Link to comment
Share on other sites

Sure (sorry you saw you reply today only!)

See below a Wire shark trace I ran whilst I was running the interface.


Also, looking at the source code on github, I believe (although not an export in Go) that you do loop for each user onto a method in which you login/logout?


processUsers then call in another loop updateUser:


and finally in updateUser, you reset the connection every time, no?


Link to comment
Share on other sites

Hi @Lyonel

We create a new connection in Go Lang inside the loop for concurrency so this can run in parallel, when we create a new connection there is no login what happens here is we call admin::userUpdate and pass the API key in the payload, the Server checks this API and sees that we already have a valid session (This would have been created when the first API call hits carrying the API Key and is valid for a certain amount of time), and allows the API call to process. 

So we do create a new XMLMC Class every time the loop runs but this does not call an additional Login / Logouts, due to our XMLMC endpoint not yet supporting HTTP/2.0 it will use multiple TCP/IP connections while doing this, once we enable HTTP/2.0 in the future this will all get pipelined down 1 TCP/IP connection. 

Kind Regards

Trevor Killick

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...