Hi Cornelius,
Thanks for getting back to me. Firstly, sorry for using the wrong terminology :-)
Really grateful for your clarification.
So if I understand correctly, when it shows “1000 users” in the user tab. That is just the number from the current “filter” results and not the actual number of users the system has tokens for. If so, is there a way to show the number of users that have tokens enrolled?
Thank you so much
Mark
-----Original Message-----
From: Cornelius Kölbel [mailto:corneliu...@netknights.it]
Sent: 14 December 2015 09:27
To: Williams Mark (EAST KENT HOSPITALS UNIVERSITY NHS FOUNDATION TRUST)
Cc: privacyidea
Subject: Re: Privacyidea and Active Directory limit of 1000 users
Hello Mark,
the users are not imported into privacyIDEA.
privacyIDEA performs a live query on the user store.
In the test example, privacyIDEA tries to fetch all users.
In any other case, it will try to fetch a user with sAMAccountName=mark.williams or with the DN=CN=user,CN=users,DC=nhs,DC=net.
I.e. if you see only 1000 users at this point, this does not matter. You do not want to see more than 20 or 50 users at once, anyway.
So you may simply ignore this.
If you go to the users tab, the users tab will display all users it finds, per default with the searchpattern username=* => 1000 users.
The last username to be found might be "koelbel". No users with a letter after "k".
If you search in the user tab and enter "will", it will find all users with the search pattern = "*will*".
Thus you will see the user "williams" and the user "godwill".
The 1000 is no limitation by privacyidea.
Rather active directory limits the result size in certain cases by itself. You may see this in the microsoft management console ADUC snapin, which tells you: "more than 2000 users found... go on with bugging my CPU...".
So not finding all 8721 users with the "test button" has no impact on privacyIDEA's functionality. It rather would have an impact on privacyIDEA's performance, if you would find all these users...
If you have any further question, please do not hesitate to drop it!
Kind regards
Cornelius
Am Montag, den 14.12.2015, 00:01 -0800 schrieb Mark Williams:
> --
> You received this message because you are subscribed to the Google
> Groups "privacyidea" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to privacyidea...@googlegroups.com.
> To post to this group, send email to priva...@googlegroups.com.
> To view this discussion on the web visit
> For more options, visit https://groups.google.com/d/optout.
--
Cornelius Kölbel
+49 151 2960 1417
NetKnights GmbH
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel