Paged ldap_search in OpenLDAP to get around the size limit?

We are currently moving from an old proprietary directory service to OpenLDAP. Today we are faced with the problem that ldap_search_ext_s or ldapsearch does not return any results at all if the number of records that should have been returned by the current search reaches a certain limit.

Unfortunately, setting the size limit higher in the LDAP server configuration may just postpone the problem, since we have a really large database, and our update mechanism, which starts every morning, must fulfill huge requests.

In the MSDN documentation, I noticed that there is a mechanism for making a search call that will allow me to bypass the size limit. Apparently, this is also indicated in the RFC project of 1996, but not yet completed (yet)?

In any case, since I do not work on a Windows box, I should use the OpenLDAP API, which does not seem to provide this mechanism (at least I could not find it on the search page).

Which brings me to my question: do you have an idea what I can do to solve this problem in an elegant way?

Thank you for your help!

+3
4 answers

OpenLDAP ldap_create_page_control () . - . , .

+1

ldap_create_page_control ldap_search_ext_s, ldap LDAP 2 , , 3+. " " ldap_search_ext_s(), LDAP 3.

+1

, ldap_control_paged_result

ldap_control_paged_result LDAP . .

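    // Note: ldap_control_paged_result() and ldap_control_paged_result_response()
    // were deprecated in PHP 7.4 and removed in PHP 8.0.
    function retrieves_users($conn)
    {
        $dn        = 'ou=,dc=,dc=';
        $filter    = "(&(objectClass=user)(objectCategory=person)(sn=*))";
        $justthese = array(); // empty array: return all attributes
        $data      = array('usersLdap' => array()); // defined even when nothing matches

        // enable pagination with a page size of 100.
        $pageSize = 100;

        $cookie = '';

        do {
            // attach the paged-results control (marked critical) to the next search
            ldap_control_paged_result($conn, $pageSize, true, $cookie);

            $result = ldap_search($conn, $dn, $filter, $justthese);
            if ($result === false) {
                break; // search failed, nothing to page through
            }
            $entries = ldap_get_entries($conn, $result);

            if (!empty($entries)) {
                for ($i = 0; $i < $entries["count"]; $i++) {
                    // not every entry carries both attributes
                    $data['usersLdap'][] = array(
                            'name' => isset($entries[$i]["cn"][0]) ? $entries[$i]["cn"][0] : null,
                            'username' => isset($entries[$i]["userprincipalname"][0]) ? $entries[$i]["userprincipalname"][0] : null
                    );
                }
            }
            // read the server's cookie; an empty cookie means this was the last page
            ldap_control_paged_result_response($conn, $result, $cookie);

        } while ($cookie !== null && $cookie != '');

        return $data;
    }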
0
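
The same paging loop for PHP 7.3 and later, where the paged-results control is passed through the `$controls` argument of `ldap_search()` instead of `ldap_control_paged_result()`. This is an added example, not code from the answer above; `paged_search()` is a hypothetical helper name, and the host, base DN and filter in the usage comment are constructed placeholders.

```php
<?php
// Added example. paged_search() is a hypothetical helper, not part of ext/ldap.
// Yields every matching entry, fetching $pageSize entries per request.
function paged_search($conn, string $base, string $filter, array $attrs, int $pageSize = 100): Generator
{
    // Request controls only exist in LDAPv3; refuse to run on a v2 session.
    ldap_get_option($conn, LDAP_OPT_PROTOCOL_VERSION, $version);
    if ($version < 3) {
        throw new RuntimeException('paged results require LDAP protocol version 3');
    }

    $cookie = '';
    do {
        $request = [[
            'oid'        => LDAP_CONTROL_PAGEDRESULTS,
            'iscritical' => true, // error out if the server cannot page, instead of silently ignoring
            'value'      => ['size' => $pageSize, 'cookie' => $cookie],
        ]];
        $result = ldap_search($conn, $base, $filter, $attrs, 0, 0, 0, LDAP_DEREF_NEVER, $request);
        if ($result === false) {
            throw new RuntimeException('search failed: ' . ldap_error($conn));
        }

        // The response control carries the cookie that selects the next page.
        $errcode = 0; $matched = null; $errmsg = null; $referrals = null; $response = [];
        ldap_parse_result($conn, $result, $errcode, $matched, $errmsg, $referrals, $response);
        if ($errcode !== 0) {
            // e.g. a size limit hit: surface it rather than return a truncated set
            throw new RuntimeException("page rejected ($errcode): " . ldap_err2str($errcode));
        }

        $entries = ldap_get_entries($conn, $result);
        for ($i = 0; $i < $entries['count']; $i++) {
            yield $entries[$i];
        }

        $cookie = $response[LDAP_CONTROL_PAGEDRESULTS]['value']['cookie'] ?? '';
    } while ($cookie !== ''); // an empty cookie marks the last page
}

// Usage (constructed placeholders):
//   $conn = ldap_connect('ldap://ldap.example.test');
//   ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
//   ldap_bind($conn, $bindDn, $bindPassword);
//   foreach (paged_search($conn, 'dc=example,dc=test', '(objectClass=person)', ['cn']) as $entry) {
//       echo $entry['cn'][0] ?? '(no cn)', "\n";
//   }
```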

AD Novell eDirectory?;)

-3

Source: https://habr.com/ru/post/1724602/
