[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: sizelimit doesn't seem to be reflected into "ldap" backends?

Jason Haar wrote:
Hi there

I'm wanting to use slapd as a "LAF" - LDAP Application Firewall - to
filter and log calls to our backend Active Directory LDAP network.

I've just slapd doing the job just fine - except that it can't return
large LDAP data dumps... If I use "ldapsearch -E pr=900/noprompt"
directly against an AD LDAP server, I can get it to dump everything.
However, if I do the same command against a slapd proxy, I get the "size
exceeded" error message. It appears slapd doesn't understand this
extension, and isn't passing it on to the backend?

slapd understands the pagedResults extension just fine, Microsoft's implementation is broken and the behavior you're trying to take advantage of is a bug in their server.

Any ideas how I could get around this, besides saying we need to touch
our AD to get rid of the size limit (I've already thought of that :-)

That would be the correct thing to do.

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/