Package: libnss-ldapd
Version: 0.6
Severity: wishlist

I ran into this problem when trying to use nss-ldapd with LDAP from a
Microsoft Active Directory server.  The problem only appears if there
are more than 1500 members in a group.  When there are fewer than 1500
members, the result from the LDAP server looks like this:

  member: CN=user1,OU=Elever,OU=ULS,OU=VG,OU=Skoler,DC=SKOLEN,DC=LOCAL
  member: CN=user2,OU=Ansatte,OU=ULS,OU=VG,OU=Skoler,DC=SKOLEN,DC=LOCAL

This is properly handled by ldap_get_values(), and the nss-ldapd
module works properly.  For groups with more than 1500 members, the
result from the LDAP server looks like this:

  member;range=0-1499: CN=user1,OU=Elever,OU=OVO,OU=VO,OU=Skoler,DC=SKOLEN,DC=LOCAL
  member;range=0-1499: CN=user2,OU=Ansatte,OU=OVO,OU=VO,OU=Skoler,DC=SKOLEN,DC=LOCAL

This notation is not handled by ldap_get_values(), and it returns NULL,
resulting in a group with zero members.  libnss-ldapd thus fails with a
large AD based LDAP database with large groups.  :(

I asked the openldap upstream about this, and was told that the way
Active Directory LDAP handles this is not according to the LDAP
specification.  See
<URL: http://www.OpenLDAP.org/its/index.cgi?findid=5472 > for that
request.

This of course does not help me, as I need to get this working with
Active Directory LDAP.

A quick look at the nss-ldap page,
<URL: http://www.padl.com/OSS/nss_ldap.html >, tells me that it is
supported there (it is called "Specific Active Directory support
including incremental retrieval of multi-valued attributes" there).
There is code in ldap-grp.c implementing this.  The nss-ldap module is
not a very attractive alternative, as it uses a large number of
connections to the LDAP server, and presents a scaling issue I hoped to
solve using nss-ldapd.

Please add support for incremental retrieval of multi-valued
attributes as implemented by AD to nss-ldapd, to make it work with
large groups.

Happy hacking,
-- 
Petter Reinholdtsen
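The incremental ("range") retrieval the report asks for can be followed with a small amount of client logic. The block below is an added example, not code from this bug report or from nss-ldapd, nss_ldap or OpenLDAP: it parses Active Directory's `attr;range=lo-hi` attribute descriptions, shows why a lookup by the plain attribute name comes back empty for a large group (the symptom described above), and fetches all values chunk by chunk. The in-memory server, its 1500-value page size, the group DNs and the member lists are constructed for the example and carry no real data; the client-side rule it implements is AD's documented one: after a chunk ending at `hi`, request `member;range=<hi+1>-*`, and stop when the server's range option ends in `*`.

```python
import re
from typing import Callable, Dict, List, Optional, Tuple

# AD attribute description carrying the range option, e.g. "member;range=0-1499".
# The last chunk is signalled with "*" as the upper bound, e.g. "member;range=3000-*".
RANGE_RE = re.compile(r"^(?P<base>[^;]+);range=(?P<lo>\d+)-(?P<hi>\d+|\*)$", re.IGNORECASE)

Entry = Dict[str, List[str]]            # attribute description -> values
SearchFn = Callable[[str, str], Entry]  # (dn, requested attribute) -> entry


def parse_range_attr(attr: str) -> Optional[Tuple[str, int, Optional[int]]]:
    """'member;range=0-1499' -> ('member', 0, 1499); 'member;range=3000-*' -> ('member', 3000, None).
    Returns None for a plain attribute name without a range option."""
    m = RANGE_RE.match(attr)
    if not m:
        return None
    hi = None if m.group("hi") == "*" else int(m.group("hi"))
    return m.group("base"), int(m.group("lo")), hi


def find_attr(entry: Entry, base: str) -> Optional[Tuple[List[str], Optional[int], Optional[int]]]:
    """Find `base` in an entry whether the server returned it plain or with a range
    option (attribute descriptions are case-insensitive).  Returns (values, lo, hi)."""
    for name, values in entry.items():
        if name.lower() == base.lower():
            return values, None, None
        parsed = parse_range_attr(name)
        if parsed and parsed[0].lower() == base.lower():
            return values, parsed[1], parsed[2]
    return None


def naive_values(search: SearchFn, dn: str, base: str) -> List[str]:
    """What a plain lookup by attribute name sees: the ranged description does not
    match, so a large AD group appears to have no members (the reported symptom)."""
    return search(dn, base).get(base, [])


def fetch_all_values(search: SearchFn, dn: str, base: str, max_rounds: int = 10000) -> List[str]:
    """Collect every value of a multi-valued attribute, following AD's incremental
    ranges: after a chunk ending at `hi`, request `base;range=<hi+1>-*`; a response
    whose range ends in '*' (or a plain attribute) is the last chunk."""
    values: List[str] = []
    requested = base
    for _ in range(max_rounds):
        found = find_attr(search(dn, requested), base)
        if found is None:
            return values                      # attribute absent: no (more) values
        chunk, lo, hi = found
        if lo is not None and lo != len(values):
            raise ValueError(f"chunk starts at {lo} but {len(values)} values collected")
        values.extend(chunk)
        if hi is None:                         # plain attribute or 'range=N-*'
            return values
        requested = f"{base};range={hi + 1}-*"
    raise RuntimeError("server never signalled the last chunk")


# --- constructed stand-in for an AD server (no real LDAP connection is made) ---
AD_PAGE = 1500  # the per-response value limit named in the report


def make_fake_ad(members_by_group: Dict[str, List[str]]) -> SearchFn:
    """Answer searches the way AD does: small groups get a plain 'member'; larger
    ones get 1500-value chunks with a range option, the last one ending in '*'."""
    def search(dn: str, attr: str) -> Entry:
        members = members_by_group.get(dn, [])
        if not members:
            return {}
        parsed = parse_range_attr(attr)
        base, lo = (attr, 0) if parsed is None else (parsed[0], parsed[1])
        if parsed is None and len(members) <= AD_PAGE:
            return {base: list(members)}
        chunk = members[lo:lo + AD_PAGE]
        if lo + AD_PAGE >= len(members):
            return {f"{base};range={lo}-*": chunk}
        return {f"{base};range={lo}-{lo + AD_PAGE - 1}": chunk}
    return search


# Constructed sample data: the DNs and member names are placeholders.
SMALL_DN = "CN=smallgroup,OU=Groups,DC=EXAMPLE,DC=LOCAL"
BIG_DN = "CN=biggroup,OU=Groups,DC=EXAMPLE,DC=LOCAL"
SAMPLE_GROUPS = {
    SMALL_DN: [f"CN=user{i},OU=Ansatte,DC=EXAMPLE,DC=LOCAL" for i in range(10)],
    BIG_DN: [f"CN=user{i},OU=Elever,DC=EXAMPLE,DC=LOCAL" for i in range(3500)],
}
FAKE_AD = make_fake_ad(SAMPLE_GROUPS)

if __name__ == "__main__":
    print("naive lookup, big group:", len(naive_values(FAKE_AD, BIG_DN, "member")))
    print("ranged lookup, big group:", len(fetch_all_values(FAKE_AD, BIG_DN, "member")))
```

Against a real server the `search` callable would wrap an LDAP base-scope search of the group DN asking for exactly the attribute description in `requested`; the chunking loop and the end-of-range test stay the same. The start-offset check guards against a server response that skips or repeats a chunk, which would otherwise silently produce a wrong membership list.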