[Date Prev][Date Next]
(ITS#5472) ldap_get_values() should handle paged results from LDAP/AD
Full_Name: Petter Reinholdtsen
OS: Debian GNU/Linux Etch
Submission from: (NULL) (2001:700:100:6:213:72ff:fe93:c639)
I ran into this problem when trying to use nss-ldapd with LDAP
from an Microsoft Active Directory server. The problem only appear if there
are more than 1500 members in a group. When there are fewer than 1500 members,
the result from the LDAP server look like this:
This is properly handled by ldap_get_values(), and the nss-ldapd module work
properly. For groups with more than 1500 members, the result from the LDAP
look like this:
This notation is not handled by ldap_get_values(), and it return NULL, resulting
a group with zero members. Is there a way to parse such "paged" attributes
the openldap library, and could ldag_get_values() be changed to handle these?
Is the range= notation legal LDAP notation? I have been unable to find
about this in any RFC, but our resident LDAP expert mentioned that it could be
according to some extention specification. Have not been able to find
To get the rest of the members I have to ask for attribute 'member;range=1500-*'
repeat this until the result show for example 'range=6000-*' to indicate that
this is the last batch of members.