I use the LDAP C# Libraries to retrieve a large number of users from eDir
and basically put them in a list.

The problem I have is when I activate ssl for the connection, then the
response time increases with approximately 100 times.

A query that will return about 17500 users takes ~25 seconds without ssl and
~50 minutes using ssl.

I have tried both the dynamic ssl with
m_Connection.UserDefinedServerCertValidationDelega te += new
CertificateValidationCallback(MySSLHandler), and to export/import
certificate with no difference.

I have also tried different ways of retrieving and reading the resultset
without any noticeable difference.

This is my original function:

string[] readAttr = { };

LdapSearchConstraints cons = new LdapSearchConstraints();

cons.MaxResults = 0;

LdapSearchResults results = m_Connection.Search(m_DN, 1,
"(objectClass=inetOrgPerson)", readAttr, false, cons);

while (results.hasMore())


m_Members.Add(new NdsMember(results.next()));


Setting the cons.BatchSize = 0; doesn't matter either, nor using the
LdapSearchQueue function.

I can see in DSTrace that the connection is established with the following

09:35:48 B6ED3B90 LDAP: New TLS connection 0x9883d80 from,
monitor = b6acfb90, index = 1

09:35:48 B6ACFB90 LDAP: Monitor 0xb6acfb90 initiating TLS handshake on
connection 0x9883d80

09:35:48 95EEBB90 LDAP: ( DoTLSHandshake on
connection 0x9883d80

09:35:48 95EEBB90 LDAP: BIO ctrl called with unknown cmd 7

09:35:48 95EEBB90 LDAP: ( Completed TLS
handshake on connection 0x9883d80

09:35:48 B71D6B90 LDAP: ( DoBind on
connection 0x9883d80

09:35:48 B71D6B90 LDAP: ( Bind
name:cn=e,o=ek, version:3, authentication:simple

09:35:48 B71D6B90 LDAP: ( Sending operation
result 0:"":"" to connection 0x9883d80

09:35:48 B65CAB90 LDAP: ( DoSearch on
connection 0x9883d80

Where "BIO ctrl called with unknown cmd 7" might be a cause to the problem?
I have been unable to find what it stands for.

When the resuts are returned, I can see in the trace that after the first
few hundreds of objects have been returned, the data flow stops for 5 - 25
seconds before the next object is sent.

This pattern continues throughout the resultset and results in the large
response time.

Are there anything else I can do to improve the response time, or do I have
to use another LDAP library?

When I browse the LDAP directory with an LDAP Browser in SSL-mode, it takes
about 25 second to open the same container as the query above reads.