5

We are currently in the process of migrating from an aged proprietary directory service to OpenLDAP. Today we ran into the problem that ldap_search_ext_s or ldapsearch in general does not return any results, if the number of entries, which were to be returned by the current search, would hit a certain limit.

Unfortunately, setting the size limit higher in the LDAP server configuration might just postpone the problem, as we have a really big database and our update mechanism, which runs every morning, has to perform huge queries.

In the MSDN documentation I noticed that there is a mechanism to perform a paged search, which would allow me to get around the size limitation. Apparently this is also specified in an RFC draft from 1996 but hasn't been finalized (yet)?

Anyway, since I'm not working on a Windows box, I have to use the OpenLDAP API, which doesn't seem to provide that mechanism (at least I couldn't find it on their search page).

Which brings me to my question: Do you have an idea what I could do, to solve that problem in an elegant manner?

Thanks for your help!

Community
lx.

4 Answers

2

OpenLDAP supports paged result retrieval via ldap_create_page_control() and friends. Here is a description and sample code. If that doesn't help I may be able to provide excerpts from production code.

Brian
dennycrane
1

I had an issue using ldap_create_page_control with ldap_search_ext_s: my LDAP library implementation was using LDAP version 2 by default, and it looks like it's supported for version 3+. It was returning "Not supported" from ldap_search_ext_s() before I set LDAP to version 3.

0

I was able to get around the size limitation using ldap_control_paged_result.

ldap_control_paged_result is used to enable LDAP pagination by sending the pagination control. The function below worked perfectly in my case.

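    function retrieves_users($conn)
    {
        $dn        = 'ou=,dc=,dc=';
        $filter    = "(&(objectClass=user)(objectCategory=person)(sn=*))";
        $justthese = array();   // empty array: return all attributes

        // Always return the same structure, even when nothing matches.
        $data = array('usersLdap' => array());

        // enable pagination with a page size of 100.
        $pageSize = 100;

        // Opaque cookie from the server; empty on the first request.
        $cookie = '';

        do {
            // Attach the paged results control (marked critical) to the next search.
            ldap_control_paged_result($conn, $pageSize, true, $cookie);

            $result = ldap_search($conn, $dn, $filter, $justthese);
            if ($result === false) {
                break;  // search failed; stop paging instead of reading a bad result
            }
            $entries = ldap_get_entries($conn, $result);

            if (!empty($entries)) {
                for ($i = 0; $i < $entries["count"]; $i++) {
                    $data['usersLdap'][] = array(
                            'name' => $entries[$i]["cn"][0],
                            'username' => $entries[$i]["userprincipalname"][0]
                    );
                }
            }
            // Read the cookie for the next page; it is empty after the last page.
            ldap_control_paged_result_response($conn, $result, $cookie);

        } while ($cookie !== null && $cookie != '');

        return $data;
    }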
Fokwa Best
-3

Use AD or Novell's eDirectory? ;)

jwilleke
  • All kinds of Active Directory (including the one used in domain controllers, and also standalone ones like ADAM and AD LDS) normally have a limit of 1000 results returned per request, so if you expect your query to return more results than that, you have to use some kind of paged search: either via Simple Paged Results control, or via Virtual List View (VLV) control. – vond Nov 28 '13 at 20:47
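The Simple Paged Results control that the answers above rely on carries a small BER value defined in RFC 2696. The following is an added example, not code from any of the posts or from OpenLDAP: it encodes that value for a request and strictly decodes it from a response. The names `paged_encode` and `paged_decode` are hypothetical, and only short-form lengths (cookies up to 100 bytes) are handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Control value for controlType 1.2.840.113556.1.4.319 (RFC 2696):
 *   SEQUENCE { size INTEGER (0..maxInt), cookie OCTET STRING }
 * Encoder for short-form BER lengths; returns bytes written, 0 on error. */
size_t paged_encode(uint32_t size, const uint8_t *cookie, size_t clen,
                    uint8_t *out, size_t cap)
{
    uint8_t be[4] = { (uint8_t)(size >> 24), (uint8_t)(size >> 16),
                      (uint8_t)(size >> 8), (uint8_t)size };
    size_t off = 0, ilen = 4, body;
    if (size > 0x7fffffffu || clen > 100 || (clen && !cookie)) return 0;
    /* drop redundant leading zero bytes, keeping the sign bit clear */
    while (ilen > 1 && be[off] == 0 && !(be[off + 1] & 0x80)) { off++; ilen--; }
    body = 2 + ilen + 2 + clen;
    if (body + 2 > cap) return 0;
    out[0] = 0x30; out[1] = (uint8_t)body;               /* SEQUENCE */
    out[2] = 0x02; out[3] = (uint8_t)ilen;               /* INTEGER size */
    memcpy(out + 4, be + off, ilen);
    out[4 + ilen] = 0x04; out[5 + ilen] = (uint8_t)clen; /* OCTET STRING cookie */
    if (clen) memcpy(out + 6 + ilen, cookie, clen);
    return body + 2;
}

/* Decoder for the server's response value, treated as untrusted input.
 * Returns 0 on success, -1 if malformed. *clen == 0 means last page. */
int paged_decode(const uint8_t *buf, size_t len, uint32_t *size,
                 const uint8_t **cookie, size_t *clen)
{
    size_t ilen, i;
    if (len < 7 || buf[0] != 0x30 || buf[1] >= 0x80 ||
        (size_t)buf[1] + 2 != len || buf[2] != 0x02) return -1;
    ilen = buf[3];
    if (ilen < 1 || ilen > 4 || 6 + ilen > len || (buf[4] & 0x80)) return -1;
    for (*size = 0, i = 0; i < ilen; i++) *size = (*size << 8) | buf[4 + i];
    if (buf[4 + ilen] != 0x04 || buf[5 + ilen] >= 0x80) return -1;
    *clen = buf[5 + ilen];
    if (6 + ilen + *clen != len) return -1;
    *cookie = buf + 6 + ilen;
    return 0;
}

int main(void)
{
    uint8_t buf[32];
    size_t i, n = paged_encode(100, NULL, 0, buf, sizeof buf); /* first request */
    for (i = 0; i < n; i++) printf("%02x%c", buf[i], i + 1 < n ? ' ' : '\n');
}
```

A client keeps resending the search with the cookie from the previous response until the decoded cookie is empty.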