[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ldapsearch against AD for large groups (>1000 members)
Michael,
I posted to the newsgroup about this same issue a
couple of weeks ago. The 1,000 entires is a maximum
page size that AD will send in responses. It can be
changed if you have admin access on your PDC.
Better yet though, you can look at the code for the
program "net" which comes with Samba 3.0 Alpha 17. It
includes a working example of how to do a "paged"
query against AD, and thus request the remainder of
the results. The name of the function which does it is
"ads_do_paged_search".
--Dave
--- Michael_Ströder <michael@stroeder.com> wrote:
> Antti Tikkanen wrote:
> >
> > I am not sure if this is an OpenLDAP thing or an
> AD thing.
>
> Don't know the details about AD but I guess it's not
> an OpenLDAP
> issue since I used OpenLDAP client in a test to
> query a group
> entry with 200000 member values from Netscape DS
> 4.1x.
>
> > When I use
> > ldapsearch to get the members of an AD group with
> more than 1000 members,
> > I only receive the first 1000:
> >
> > # ldapsearch -LL '(cn=testgroup)'
> >
> > --clip--
> >
> > dn: CN=testgroup,<...>
> > member;range=0-999:CN=test999,<...>
> > member;range=0-999:CN=test998,<...>
> > member;range=0-999:CN=test997,<...>
>
> Seems playing with the ;range sub-type when
> explicitly requesting
> attributes might be interesting...
>
> But why do you want to retrieve all members? In most
> applications
> this does not scale very well anyway.
>
> Ciao, Michael.
>
__________________________________________________
Do You Yahoo!?
Sign up for SBC Yahoo! Dial - First Month Free
http://sbc.yahoo.com