[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldapsearch against AD for large groups (>1000 members)



On Fri, 5 Jul 2002, Antti Tikkanen wrote:

> Hi,
> 
> I am not sure if this is an OpenLDAP thing or an AD thing. When I use
> ldapsearch to get the members of an AD group with more than 1000 members,
> I only receive the first 1000:
> 
>  # ldapsearch -LL '(cn=testgroup)'
>  
>  --clip--
>  
>   dn: CN=testgroup,<...>
>   member;range=0-999:CN=test999,<...>
>   member;range=0-999:CN=test998,<...>
>   member;range=0-999:CN=test997,<...>

Getting back to this, I think I know what the problem is. A different
thing is what to do about it. 

I gather that MS is using the Internet Draft:

"Incremental Retrieval of Multi-valued Properties"  
(http://http://www.watersprings.org/pub/id/draft-kashi-incremental-00.txt
is the only link I found valid)

Probably no one else supports this? Nor ever will? At least not OpenLDAP? 
The draft has expired in May 2002, and is written by Microsoft people.. :)

Regards,
Antti


-- 

Antti.Tikkanen@hut.fi 
Helsinki University of Technology 
Computing Centre