hagai yaffe
Hello.
I have written a program that uses the OpenLDAP API
version 2.1.22 to get data from Windows Active Directory.
I am using the "memberOf" attribute to get all the groups
a user is assigned to in the Active Directory. For a user
who has less than 1000 groups I have no problem, but for
a user who is a member of more than 1000 groups the
ldap_get_values function returns NULL.
After a little snooping around I have discovered that for
a user who is a member of more than 1000 groups the
Active Directory server sends only 1000 groups. It also
sends a header to inform the client of this; the header
looks like this:
..memberOf1.....0.......memberOf;range=0-999
After this header 1000 group names are sent. For less
than 1000 groups this header does not appear (only a
header that identifies the attribute as "memberOf").
I think that this is caused because the Active
Directory server treats my request as a paged search
request, so I am getting a paged search control in the
response (this is the header "memberOf;range=0-999"). I
don't know why the server is treating a normal request as
a paged search request; this is not compliant with the
LDAP RFC. Is there a way to prevent this? Or maybe to
increase the paged search size? (The default is 1000.)
Any help / ideas on the subject would be great.
TX.
Hagai.
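The `memberOf;range=0-999` description quoted in the post is the form Active Directory uses for range retrieval of a large multi-valued attribute: the values arrive under that ranged name rather than under plain `memberOf`, and the rest are fetched by requesting `memberOf;range=1000-*` and repeating until the returned range ends in `*`. The C sketch below is an added example, not part of the original post; it shows only the parsing and next-request logic, the helper names `ad_parse_range` and `ad_next_request` are hypothetical, and the LDAP search calls themselves are left out.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

struct ad_range { int ranged; long low, high; int last; };

/* Match desc against base (case-insensitive) and parse an optional
 * ";range=low-high" option. Returns 0 on a match, -1 otherwise. */
int ad_parse_range(const char *desc, const char *base, struct ad_range *r)
{
    size_t n = strlen(base);
    const char *p;
    char *end;
    memset(r, 0, sizeof *r);
    if (strncasecmp(desc, base, n) != 0) return -1;
    p = desc + n;
    if (*p == '\0') { r->last = 1; return 0; }   /* plain name: complete */
    if (strncasecmp(p, ";range=", 7) != 0) return -1;
    p += 7;
    if (*p < '0' || *p > '9') return -1;
    r->low = strtol(p, &end, 10);
    if (*end != '-') return -1;
    p = end + 1;
    r->ranged = 1;
    if (strcmp(p, "*") == 0) { r->last = 1; r->high = -1; return 0; }
    if (*p < '0' || *p > '9') return -1;
    r->high = strtol(p, &end, 10);
    return (*end == '\0' && r->high >= r->low) ? 0 : -1;
}

/* Write the next attribute to request, e.g. "memberOf;range=1000-*".
 * Returns 1 if another search is needed, 0 after the final chunk. */
int ad_next_request(const struct ad_range *r, const char *base,
                    char *out, size_t outlen)
{
    if (r->last) return 0;
    snprintf(out, outlen, "%s;range=%ld-*", base, r->high + 1);
    return 1;
}

int main(void)
{
    struct ad_range r;
    char next[64];   /* input below is the description quoted in the post */
    if (ad_parse_range("memberOf;range=0-999", "memberOf", &r) == 0 &&
        ad_next_request(&r, "memberOf", next, sizeof next))
        printf("next request: %s\n", next);
    return 0;
}
```

With the OpenLDAP API, the returned description can be obtained by walking the entry with `ldap_first_attribute` / `ldap_next_attribute` and then passed as-is to `ldap_get_values`.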