LDAP property contains to many values

Question

I have a function witch tries to remove a member from a group

The problem is if you try to remove a member, without knowing the existence in the group, you could cause an exception. So I try to enumerate its membership beforehand.

The problem now is that the member property stops after 3000 Entries, and I don't know a way to get more, or the next 3000 members of that group.

Here is my code

DirectoryEntry target_group = new DirectoryEntry(LDAP_group_DN);
if (target_group.Properties["member"].Contains(LDAP_member_to_remove_DN)) {
    target_group.Properties["member"].Remove(LDAP_member_to_remove_DN);
}
target_group.CommitChanges();

target_group.Properties["member"] contains exactly 3000 entries, but in reality it is around 7500.

As a shorthand fix I am using the remove statement in a try/catch block without the .Contains() check, but that doesn't seem correct/beautiful/right.

Can anyone lead me to the correct way?

PS: I can not change the structure of our Directory. This is a Group of RADIUS users, with should not be split up in more groups!

Answer 1

Instead of getting all the group members to determine if the user is part of that list I would use the memberOf/isMemberOf attribute (assuming that your directory supports this feature). This attribute will tell you if a user belongs to a group without having to retrieve all group members.

This other answer might help.

Answer 2

You need to look at into MaxValRange and learn how to retrieve more values using C#.

We have a very simple sample, but, alas, it is in Java