
Re: ldapsearch against AD for large groups (>1000 members)



On Fri, 5 Jul 2002, Michael Ströder wrote:

> > When I use
> > ldapsearch to get the members of an AD group with more than 1000 members,
> > I only receive the first 1000:
> > 
> >  # ldapsearch -LL '(cn=testgroup)'
> >  
> >  --clip--
> >  
> >   dn: CN=testgroup,<...>
> >   member;range=0-999:CN=test999,<...>
> >   member;range=0-999:CN=test998,<...>
> >   member;range=0-999:CN=test997,<...>
> 
> Seems playing with the ;range sub-type when explicitly requesting 
> attributes might be interesting...

I tried this with the following:

 1) ldapsearch -LL '(cn=testgroup)' 'member;range=0-999'
 2) ldapsearch -LL '(cn=testgroup)' 'member;range=0-*'
 3) ldapsearch -LL '(cn=testgroup)' 'member;range=1000-1999'
 4) ldapsearch -LL '(cn=testgroup)' 'member;range=1000-*'
 5) ldapsearch -LL '(cn=testgroup)' 'member;range=0-999' 'member;range=1000-1999'
 6) ldapsearch -LL '(cn=testgroup)' 'member;range=0-999' 'member;range=1000-*'

The first two will return the first 1000 users.  Numbers 3 & 4 will return the
500 remaining users (I have a total of 1500), but not the first 1000.
Numbers 5 & 6 will return only the first 1000 users. I see no way of getting
all the users with one query... anyone?

Seems this is indeed an AD thing, though.

Best regards,
Antti


-- 

Antti.Tikkanen@hut.fi 
Helsinki University of Technology 
Computing Centre / User Support
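
Added example, not part of the original post: since no single query returns every value, a membership audit has to page through the attribute, issuing one search per chunk and stopping when the server reports `*` as the upper bound of the range it served. The function names `real_search`, `fake_ad_search` and `fetch_all_values` are hypothetical, the `DC=example,DC=test` entries are constructed so the loop runs offline, and `-o ldif-wrap=no` assumes an OpenLDAP client that supports it.

```shell
# Added example, not from the original post. search_fn (hypothetical name) runs
# one search and prints LDIF; real_search uses the post's ldapsearch form.
real_search() { ldapsearch -LL -o ldif-wrap=no "$1" "$2"; }

# Constructed stand-in for AD: a 1500-member group, at most 1000 values per
# reply. It ignores the filter and the requested upper bound.
fake_ad_search() {
    local lo="${2#*range=}" hi label i
    lo="${lo%-*}"
    hi=$((lo + 999)); label=$hi
    if [ "$hi" -ge 1499 ]; then hi=1499; label='*'; fi
    echo "dn: CN=testgroup,DC=example,DC=test"
    i=$lo
    while [ "$i" -le "$hi" ]; do
        echo "member;range=$lo-$label: CN=test$i,DC=example,DC=test"
        i=$((i + 1))
    done
}

# Usage: fetch_all_values FILTER ATTR [SEARCH_FN]
# Prints every value as "ATTR: value" (range option stripped). Assumes the
# filter matches exactly one entry.
fetch_all_values() {
    local filter="$1" attr="$2" search="${3:-real_search}" start=0 out vals hi
    while :; do
        out=$("$search" "$filter" "$attr;range=$start-*") || return 1
        # Keep only the ranged values; none at all means an empty attribute.
        vals=$(printf '%s\n' "$out" | grep -i "^$attr;range=") || return 0
        # The reply names the range actually served, e.g. member;range=0-999
        hi="${vals%%:*}"; hi="${hi##*-}"
        printf '%s\n' "$vals" | sed "s/^[^:]*:/$attr:/"
        case "$hi" in
            '*') return 0 ;;              # "*" upper bound marks the last chunk
            ''|*[!0-9]*) return 1 ;;      # unexpected range syntax: stop
        esac
        start=$((hi + 1))
    done
}

# Offline run against the constructed stand-in; prints the number of values.
fetch_all_values '(cn=testgroup)' member fake_ad_search | wc -l
```

Called without a third argument, `fetch_all_values '(cn=testgroup)' member` runs the real `ldapsearch` with whatever server and bind settings the client is configured with.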