I'm curious as to whether the following will negatively impact performance in a significant way...
我很好奇以下是否会对性能产生重大负面影响......
I have a web form with an input box and grid (could be any form of application really) and allows the user to search Active Directory for users...I don't want user accounts that have the $ as part of there sAMAccountName and so am wondering whether I should have them returned and then filter them out in a loop in the application or whether they should be excluded in the ActiveDirectory filter like the following:
我有一个带有输入框和网格的网页表单(可以是任何形式的应用程序)并允许用户搜索Active Directory以供用户使用...我不希望用户帐户将$作为sAMAccountName和所以我想知道我是否应该让它们返回,然后在应用程序的循环中过滤它们,或者是否应该在ActiveDirectory过滤器中排除它们,如下所示:
(&(objectCateogry=person)(objectClass=user)(!(sAMAccountName=*$*))(cn=<Insert User Query>))
I guess it's the *$* that i'm concerned will impact performance...any insight would be greatly appreciated!
我想这是* $ *我担心会影响性能......任何见解都会非常感激!
2 个解决方案
#1
I would include (!(sAMAccountName=*$*)) in the query for the following reasons:
我会在查询中包含(!(sAMAccountName = * $ *)),原因如下:
- It is indexed in Active Directory so searches are quick.
- In most environments domain controllers aren't hit as hard as web servers and have CPU and RAM to spare.
它在Active Directory中编入索引,因此搜索速度很快。
在大多数环境中,域控制器不像Web服务器那样硬,并且备用CPU和RAM。
I'm just guessing but I would think that the extra entries that the domain controllers will have to process and send to the web server would actually make everything take a little longer. You could try it both ways in your environment and measure the difference.
我只是猜测,但我认为域控制器必须处理并发送到Web服务器的额外条目实际上会使一切都需要更长的时间。您可以在您的环境中尝试两种方式并测量差异。
Also, you could take a look at the classes in System.DirectoryServices.Protocols if you're concerned with performance.
此外,如果您关注性能,可以查看System.DirectoryServices.Protocols中的类。
#2
The filter about AD as follwing:
关于AD的过滤器如下:
class ExpressionTemplates
{
/// <summary>
/// The start with expression. eg: "({0}={1}*)".
/// </summary>
public readonly static string StartWithExpression = "({0}={1}*)";
/// <summary>
/// The end with expression. eg: "({0}=*{1})".
/// </summary>
public readonly static string EndWithExpression = "({0}=*{1})";
/// <summary>
/// The has a value expression. eg: "({0}=*)".
/// </summary>
public readonly static string HasAValueExpression = "({0}=*)";
/// <summary>
/// The has no value expression. eg: "(!{0}=*)".
/// </summary>
public readonly static string HasNoValueExpression = "(!{0}=*)";
/// <summary>
/// The is expression. eg: "({0}={1})".
/// </summary>
public readonly static string IsExpression = "({0}={1})";
/// <summary>
/// The is not expression. eg: "(!{0}={1})".
/// </summary>
public readonly static string IsNotExpression = "(!{0}={1})";
/// <summary>
/// The and expression. eg: "(&{0})".
/// </summary>
public readonly static string And = "(&{0})";
/// <summary>
/// The or expression. eg: "(|{0})".
/// </summary>
public readonly static string Or = "(|{0})";
/// <summary>
/// The parenthesis expression. eg: "({0})".
/// </summary>
public readonly static string Parenthesis = "({0})";
/// <summary>
/// The join expression. eg: "{0}{1}".
/// </summary>
public readonly static string Join = "{0}{1}";
}
You can refer my OSS project which base on ActiveRecord pattern as following(Because it is open source you can find out how to operate the AD with DirectoryEntry, DirectoryEntry is not only support the LDAP protocol but also IIS, WIN and so on, so I develop this lib):
您可以参考我的基于ActiveRecord模式的OSS项目如下(因为它是开源的,您可以找到如何使用DirectoryEntry操作AD,DirectoryEntry不仅支持LDAP协议,还支持IIS,WIN等,所以我开发这个lib):
class ComplexFilterUnitTest : BaseUnitTest
{
[TestCase]
public void TestComplexFilter()
{
IFilter filter =
new And(
new IsUser(),
new Is(OrganizationalUnitAttributeNames.OU, "pangxiaoliangOU"),
new Or(
new StartWith(AttributeNames.CN, "pang"),
new And(
new EndWith(AttributeNames.CN, "liu"),
new Is(PersonAttributeNames.Mail, "mv@live.cn")
)
)
);
Assert.AreEqual("(&(objectClass=user)(ou=pangxiaoliangOU)(|(cn=pang*)(&(cn=*liu)(mail=mv@live.cn))))", filter.BuildFilter());
foreach (var userObject in UserObject.FindAll(this.ADOperator, filter))
{
using (userObject)
{
Console.WriteLine(userObject.DisplayName);
}
}
}
}
https://landpyactivedirectory.codeplex.com/documentation
And you will find it easy to operate the AD with it, if you have no interest with it please ignore my answer. Any question about AD please contact me :)
而且你会发现使用它很容易操作AD,如果你对它不感兴趣,请忽略我的答案。有关AD的任何问题请与我联系:)
#1
I would include (!(sAMAccountName=*$*)) in the query for the following reasons:
我会在查询中包含(!(sAMAccountName = * $ *)),原因如下:
- It is indexed in Active Directory so searches are quick.
- In most environments domain controllers aren't hit as hard as web servers and have CPU and RAM to spare.
它在Active Directory中编入索引,因此搜索速度很快。
在大多数环境中,域控制器不像Web服务器那样硬,并且备用CPU和RAM。
I'm just guessing but I would think that the extra entries that the domain controllers will have to process and send to the web server would actually make everything take a little longer. You could try it both ways in your environment and measure the difference.
我只是猜测,但我认为域控制器必须处理并发送到Web服务器的额外条目实际上会使一切都需要更长的时间。您可以在您的环境中尝试两种方式并测量差异。
Also, you could take a look at the classes in System.DirectoryServices.Protocols if you're concerned with performance.
此外,如果您关注性能,可以查看System.DirectoryServices.Protocols中的类。
#2
The filter about AD as follwing:
关于AD的过滤器如下:
class ExpressionTemplates
{
/// <summary>
/// The start with expression. eg: "({0}={1}*)".
/// </summary>
public readonly static string StartWithExpression = "({0}={1}*)";
/// <summary>
/// The end with expression. eg: "({0}=*{1})".
/// </summary>
public readonly static string EndWithExpression = "({0}=*{1})";
/// <summary>
/// The has a value expression. eg: "({0}=*)".
/// </summary>
public readonly static string HasAValueExpression = "({0}=*)";
/// <summary>
/// The has no value expression. eg: "(!{0}=*)".
/// </summary>
public readonly static string HasNoValueExpression = "(!{0}=*)";
/// <summary>
/// The is expression. eg: "({0}={1})".
/// </summary>
public readonly static string IsExpression = "({0}={1})";
/// <summary>
/// The is not expression. eg: "(!{0}={1})".
/// </summary>
public readonly static string IsNotExpression = "(!{0}={1})";
/// <summary>
/// The and expression. eg: "(&{0})".
/// </summary>
public readonly static string And = "(&{0})";
/// <summary>
/// The or expression. eg: "(|{0})".
/// </summary>
public readonly static string Or = "(|{0})";
/// <summary>
/// The parenthesis expression. eg: "({0})".
/// </summary>
public readonly static string Parenthesis = "({0})";
/// <summary>
/// The join expression. eg: "{0}{1}".
/// </summary>
public readonly static string Join = "{0}{1}";
}
You can refer my OSS project which base on ActiveRecord pattern as following(Because it is open source you can find out how to operate the AD with DirectoryEntry, DirectoryEntry is not only support the LDAP protocol but also IIS, WIN and so on, so I develop this lib):
您可以参考我的基于ActiveRecord模式的OSS项目如下(因为它是开源的,您可以找到如何使用DirectoryEntry操作AD,DirectoryEntry不仅支持LDAP协议,还支持IIS,WIN等,所以我开发这个lib):
class ComplexFilterUnitTest : BaseUnitTest
{
[TestCase]
public void TestComplexFilter()
{
IFilter filter =
new And(
new IsUser(),
new Is(OrganizationalUnitAttributeNames.OU, "pangxiaoliangOU"),
new Or(
new StartWith(AttributeNames.CN, "pang"),
new And(
new EndWith(AttributeNames.CN, "liu"),
new Is(PersonAttributeNames.Mail, "mv@live.cn")
)
)
);
Assert.AreEqual("(&(objectClass=user)(ou=pangxiaoliangOU)(|(cn=pang*)(&(cn=*liu)(mail=mv@live.cn))))", filter.BuildFilter());
foreach (var userObject in UserObject.FindAll(this.ADOperator, filter))
{
using (userObject)
{
Console.WriteLine(userObject.DisplayName);
}
}
}
}
https://landpyactivedirectory.codeplex.com/documentation
And you will find it easy to operate the AD with it, if you have no interest with it please ignore my answer. Any question about AD please contact me :)
而且你会发现使用它很容易操作AD,如果你对它不感兴趣,请忽略我的答案。有关AD的任何问题请与我联系:)