
search for one object with thousands of members fails


Michael McGovern

Mar 29, 2010, 8:32:49 AM
to perl-ldap
I'm trying to extract a list of the members of a Global Group in AD.
It works for groups with a small number (hundreds) of members but not
for one with thousands. I don't even get the first few hundred of the
large group.

I've tried using LDAP_CONTROL_PAGED, but I think that it controls
paging of large numbers of objects rather than single objects with
large numbers of members.

I would welcome suggestions to get around this problem.
Code snippet:
======================================================
use Net::LDAP;
use Net::LDAP::Control::Paged;
use Net::LDAP::Constant qw(LDAP_CONTROL_PAGED);
use Net::LDAP::Util qw(ldap_error_text ldap_error_name ldap_error_desc);

$ldap_server = "college.my.dom";
$bind_user   = "myuser";
$bind_pass   = "mypassword";
$ldap_base   = "ou=Global Groups,dc=COLLEGE,dc=my,dc=dom";

$ldap = Net::LDAP->new($ldap_server, debug => 0) or die "$@";
# bind() always returns a message object, so check its result code
$mesg = $ldap->bind($bind_user, password => $bind_pass);
die $mesg->error if $mesg->code;

$group = "students";
my $page = Net::LDAP::Control::Paged->new(size => 500);
my $cookie;
my @args = (
    base     => $ldap_base,
    filter   => "(cn=$group)",
    attrs    => [ "member" ],    # search() takes 'attrs' as an array ref
    callback => \&process_entry,
    control  => [ $page ],
);

while ($results = $ldap->search(@args)) {
    ($conres) = $results->control(LDAP_CONTROL_PAGED);
    $cookie = $conres->cookie or last;
    warn "got cookie\n"; # I never get a cookie, because there's only one object?
    $page->cookie($cookie);
}

sub process_entry {
    my $mesg  = shift;
    my $entry = shift;
    (warn "end of entry\n", return) unless $entry;
    foreach ($entry->get_value("member")) {
        # process member
    }
}
======================================================


Mike

Spurrell Simon (KIDG 61)

Mar 29, 2010, 9:58:55 AM
to Prentice Bisbal, perl...@perl.org
Yes I believe the AD does have a limit.

I was using dsquery in the old days working in Exchange and AD.

dsquery * domainroot -filter "(&(objectCategory=Person)(!objectClass=contact))" -limit 0 -attr name department displayName

the "-limit 0" would make sure all attributes for all objects were
returned.


-----Original Message-----
From: Prentice Bisbal [mailto:pren...@ias.edu]
Sent: Monday, March 29, 2010 3:43 PM
To: perl...@perl.org
Subject: Re: search for one object with thousands of members fails

OpenLDAP, by default, limits the number of returned results to only 500,
except for the admin user. Is it possible that AD has similar default
limits? There should be some way to override that limit. Not sure if the
line

my $page = Net::LDAP::Control::Paged->new(size => 500)

affects that limit.

Prentice

--
Prentice Bisbal
Linux Software Support Specialist/System Administrator
School of Natural Sciences
Institute for Advanced Study
Princeton, NJ

Prentice Bisbal

Mar 29, 2010, 9:42:52 AM
to perl...@perl.org
OpenLDAP, by default, limits the number of returned results to only 500,
except for the admin user. Is it possible that AD has similar default
limits? There should be some way to override that limit. Not sure if the
line

my $page = Net::LDAP::Control::Paged->new(size => 500)

affects that limit.

Prentice

--

Miller, Don C.

Mar 29, 2010, 11:52:08 AM
to Spurrell Simon (KIDG 61), Prentice Bisbal, perl...@perl.org
The -limit option for dsquery deals with the paging not with attributes.
There was discussion on this topic a few years back and you can request
the attribute with an additional range argument 'member;Range=0-*'.
Hopefully this will provide you with consistent results. You could also
do your own member "paging" by changing the ranges until no members are
returned.

Don


Michael McGovern

Mar 30, 2010, 7:37:17 AM
to perl-ldap
Thanks contributors, especially Don for the 'range=0-*' tip. That did
the trick.

Also thanks to Graham Barr for the 'debug => 15' tip, which showed I
was getting the data back ok but not displaying it because the
attribute in get_value has to be something like
'member;range=1000-1999' as opposed to 'member'

Mike
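
The range tip and the returned attribute name discussed in this thread, combined into one loop as an added example (not code from the thread or from perl-ldap). The helper name all_values, the $fetch callback, the example.test DNs and the mock's 1500-value chunk size are assumptions made so the script runs without a directory server.

```perl
use strict;
use warnings;
use Net::LDAP::Entry;

# Read every value of a multi-valued AD attribute by range retrieval.
# $fetch (hypothetical helper) takes an attribute spec such as
# "member;range=0-*" and returns the group's Net::LDAP::Entry, or undef.
sub all_values {
    my ($fetch, $attr) = @_;
    my ($start, @values) = (0);
    while (1) {
        my $entry = $fetch->("$attr;range=$start-*") or last;
        # The reply names the attribute after the range actually delivered,
        # e.g. "member;range=0-1499"; only the final chunk ends in "-*".
        my ($name) = grep { /^\Q$attr\E;range=\d+-(?:\d+|\*)$/i } $entry->attributes
            or last;    # no ranged attribute returned: nothing more to read
        push @values, $entry->get_value($name);
        my ($end) = $name =~ /-(\d+|\*)$/;
        last if $end eq '*';
        $start = $end + 1;
    }
    return @values;
}

# Against a live server $fetch would wrap the search, for example:
#   sub { my $m = $ldap->search(base => $ldap_base, filter => "(cn=$group)",
#                               attrs => [ $_[0] ]);
#         die $m->error if $m->code;  $m->entry(0) }

# Constructed stand-in for AD: 3500 members, at most 1500 values per reply.
my @dns = map { "CN=user$_,OU=Students,DC=example,DC=test" } 1 .. 3500;
my @asked;
my $mock = sub {
    my ($spec) = @_;
    push @asked, $spec;
    my ($from) = $spec =~ /range=(\d+)-/;
    my $to     = $from + 1499;
    my $label  = $to >= $#dns ? '*' : $to;
    $to = $#dns if $to > $#dns;
    my $entry = Net::LDAP::Entry->new;
    $entry->dn('CN=students,OU=Global Groups,DC=example,DC=test');
    $entry->add("member;range=$from-$label" => [ @dns[$from .. $to] ]);
    return $entry;
};

my @members = all_values($mock, 'member');
die "expected 3500 members, got " . @members unless @members == 3500;
print scalar(@members), " members in ", scalar(@asked), " requests\n";
```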

