
Re: ldap_get_values returns NULL when attribute got more than 1000 values.

Hagai Yaffe writes:

> After a little snooping around I have discovered that for a user who
> is a member of more than 1000 groups the Active Directory server
> sends only 1000 groups, it also sends a header to inform the client
> of this, the header looks like this:
> .memberOf1.....0.......memberOf;range=0-999

There are no 'headers' in the LDAP protocol.  If you mean AD sends an
attribute with that attribute description, or with attribute description
ending with ";range" and a value of "0-999", that is an AD bug.  The
attribute description (attribute type;option;option...) must start with
a letter or a digit, among other things.  And it can only contain
periods when the attribute type is a sequence of integers separated by
single periods.  See RFC 2251 sections 4.1.4 - 4.1.5.
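
The syntax rule cited in the reply above, as an added example that is not part of the original message or of any LDAP library: a C check that a client could run on each attribute description a server returns. The name attr_desc_valid and every sample string except memberOf;range=0-999 are assumptions, and the grammar is a reading of RFC 2251 sections 4.1.4 - 4.1.5 (textual names start with a letter; names and options contain only letters, digits and hyphens).

```c
/* Added example: syntax check for an LDAP AttributeDescription
 * (type[;option...]) as read from RFC 2251 sections 4.1.4 - 4.1.5. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Letters, digits and hyphen: allowed in textual names and in options. */
static int is_keychar(unsigned char c) { return isalnum(c) || c == '-'; }

/* Attribute type: textual name (letter first) or dotted-decimal OID. */
static int valid_type(const char *s, size_t n) {
    size_t i;
    if (n == 0) return 0;
    if (isalpha((unsigned char)s[0])) {
        for (i = 1; i < n; i++)
            if (!is_keychar((unsigned char)s[i])) return 0;
        return 1;
    }
    /* OID: digit groups separated by single periods. */
    for (i = 0; i < n; i++) {
        if (isdigit((unsigned char)s[i])) continue;
        if (s[i] != '.' || i == 0 || i + 1 == n || s[i - 1] == '.') return 0;
    }
    return 1;
}

/* Returns 1 if desc is a well-formed attribute description, else 0. */
int attr_desc_valid(const char *desc) {
    const char *p = desc + strcspn(desc, ";");
    if (!valid_type(desc, (size_t)(p - desc))) return 0;
    while (*p == ';') {
        const char *opt = ++p;
        while (*p && *p != ';') {
            if (!is_keychar((unsigned char)*p)) return 0;
            p++;
        }
        if (p == opt) return 0;   /* empty option */
    }
    return 1;
}

int main(void) {
    /* Constructed samples, plus the description quoted in the thread. */
    const char *samples[] = { "memberOf", "2.5.4.3", "cn;lang-en",
                              "memberOf;range=0-999", ".memberOf" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-22s %s\n", samples[i],
               attr_desc_valid(samples[i]) ? "ok" : "malformed");
    return 0;
}
```

Under this grammar the description quoted in the thread is rejected at the "=" inside its option, not at the hyphen or the digits.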