System.DirectoryServices and connection pooling

Reading Time: 2 minutes

Connection pooling is something with most of .NET and SQL developers are pretty familiar with. It is mechanism which allows to re-usage of once established connection under some conditions. Establishing connections are considered as costly operation in networking world. So it might do good for performance of Your application if only one connection will be used and will stay open as long as You need it.

S.DS is also imlementing connection pooling under some conditions. I was aware that S.DS should use the same connection if:

  • connection is being made within the same security context
  • connection is using the same authentication type.

So I was a little surprised when working on some code cleanup and re-write for Extensible MA I've hit max user connection limit on Windows 2003 Server (5000 by default). Code was pretty simple – I have list of DNs and have to enumerate some attributes for each of them. I used DirectoryEntry for this in a way somewhat similar to this snippet:

using (DirectoryEntry member = new DirectoryEntry())
{
member.Username = userName;
member.Password = userPwd;
member.AuthenticationType = AuthenticationTypes.Secure;

foreach (string dn in dns)
{
member.Path = “LDAP://” + ldapHostName”/” + dn;
Guid guid = new Guid((byte[])member.Properties[”objectGUID”].Value);
Console.WriteLine(guid.ToString(”B”));
}
}

 

So … credentials in the loop at the same, authentication type is the same but new connections were established for each DN being processed. After some investigation and discussion on DL it turned out that connection will be re-used as long as there will be one object which will be live and keeping this connection alive. For example DirectoryEntry which will point to rootDSE:

using(DirectoryEntry rootEntry = new DirectoryEntry(

“LDAP://” + ldapHostName/rootDSE”,
userName,
userPwd,
AuthenticationTypes.Secure))
{
rootEntry.RefreshCache();
using (DirectoryEntry member = new DirectoryEntry())
{
member.Username = userName;
member.Password = userPwd;
member.AuthenticationType = AuthenticationTypes.Secure;

foreach (string dn in dns)
{
member.Path = “LDAP://w2k.pl/” + dn;
Guid guid = new Guid((byte[])member.Properties[”objectGUID”].Value);
Console.WriteLine(guid.ToString(”B”));
}
}
}

 

This simple modification does the trick – right now all objects within the loop were using the same connection. You have to remember that DirectoryEntry is using lazy bind so to open a connection You have to actually read data from object, in this example I've used RefreshCache method.

To show You how this can impact application performance I will give You example from my lab. My code was processing about 80k of user objects (this was slow VM, only 384 of RAM on notebook) and with this bad connection handling this was executed for 2h48m. With this simple change time required to process these entries was 0h56m in the same environment (this is Extensible MA for MIIS so this is time to produce data and read them into CS).

Just putting it here for others who may seek solution to this problem. My lack of developer background something is painful … but I'm doing my best :), at least I'm trying.

I have to say Thank You to Rayn and other people who were helping me on this case. Ryan joined MSFT some time ago so I was lucky to have opportunity to ping him on IM and bother with my problems :). Gladly sorted out.