[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
ldap_get_values returns NULL when attribute got more then 1000 values.
- To: openldap-software@OpenLDAP.org
- Subject: ldap_get_values returns NULL when attribute got more then 1000 values.
- From: Hagai Yaffe <HagaiY@Cyber-Ark.com>
- Date: Wed, 07 Apr 2004 17:36:12 +0300
- Content-class: urn:content-classes:message
- Thread-index: AcQcraymJGTupTg2TKSd4KvqEpBXOw==
- Thread-topic: ldap_get_values returns NULL when attribute got more then 1000 values.
Hello.
I am using the OpenLDAP API version 2.1.22 to get data from windows Active Directory, I am using the "memberOf" attribute to get all the groups a user is assigned to in the Active Directory, for a user who has less then a 1000 groups I have no problem, but for a user who is member off more then 1000 groups the ldap_get_values function returns NULL.
After a little snooping around I have discovered that for a user who is member off more then a 1000 groups the Active Directory server sends only a 1000 groups, it also sends an header to inform the client of this, the header looks like this :
.memberOf1.....0.......memberOf;range=0-999
after this header a 1000 group names are sent, for less then a 1000 groups this header does not appear (only a header that identify the attribue as "memberOf").
It looks like the OpenLDAP API code is not ready to handle this header, The code looks for a length value and gets a length of 0 bytes, this cause the function to return NULL.
My question is if this is a bug in the OpenLDAP API code or a miss behavior by the Active Directory server ? any help / ideas on the subject would be greate.
TX.
Hagai.