[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldap_get_values returns NULL when attribute got more then 1000 values.

To: Hagai Yaffe <HagaiY@Cyber-Ark.com>
Subject: Re: ldap_get_values returns NULL when attribute got more then 1000 values.
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Wed, 7 Apr 2004 17:19:31 +0200
Cc: openldap-software@OpenLDAP.org
In-reply-to: <93F63181B5926E4FA7A5AD0238924494039E9A@ca-prod2.cyber-ark.co.il>
References: <93F63181B5926E4FA7A5AD0238924494039E9A@ca-prod2.cyber-ark.co.il>

Hagai Yaffe writes:

> After a little snooping around I have discovered that for a user who
> is member off more then a 1000 groups the Active Directory server
> sends only a 1000 groups, it also sends an header to inform the client
> of this, the header looks like this :
> 
> .memberOf1.....0.......memberOf;range=0-999

There are no 'headers' in the LDAP protocol.  If you mean AD sends an
attribute with that attribute description, or with attribute description
ending with ";range" and a value of "0-999", that is an AD bug.  The
attribute description (attribute type;option;option...) must start with
a letter or a digit, among other things.  And it can only contain
periods when the attribute type is a sequence of integers separated by
single periods.  See rfc2251 section 4.1.4 - 4.1.5.

-- 
Hallvard

References:
- ldap_get_values returns NULL when attribute got more then 1000 values.
  - From: Hagai Yaffe <HagaiY@Cyber-Ark.com>

Prev by Date: Re: ldap_get_values returns NULL when attribute got more then 1000 values.
Next by Date: Re: slapd-ldap meta backend and flat ldap migration
Index(es):
- Chronological
- Thread