[lsc-dev] [LDAP Synchronization Connector - Feature #824] Add page support to the ldap.search method

Fri, 22 Jan 2016 09:54:12 -0800 

Issue #824 has been updated by Jon Kidder.


Clément, I am being limited by the number of entries returned.  When I execute 
the filter (PrimaryGroupID=513) in Apache directory Studio with paging enabled 
I get back 18,043 DNs.  When I do this same thing using members = 
srcLdap.search("", "(primaryGroupID=" + groupId + ")").toArray() where 
groupId=513 I get back an array of length 1000 which is the default page size 
in AD.

I didn’t want to declare this a bug because I didn’t know for certain if page 
support was expected to exist in the ScriptableJNDIServices.search() method.

----------------------------------------
Feature #824: Add page support to the ldap.search method
http://tools.lsc-project.org/issues/824

Author: Jon Kidder
Status: New
Priority: Normal
Assigned to: 
Category: Core
Target version: 2.2


I have an AD admin that absolutely loves using Primary Groups in AD.  Primary 
Group membership is not reflected in the member attribute of a group.  Primary 
group membership is attached to the user record as primaryGroupID. Any group 
can be assigned as a users primary group.  To accurately synchronize AD groups 
with OpenLDAP you must account for this additional primary group membership.  
In my group sync I build a destination member list from the source member list 
normally.  I also extract the primary group id from the SID and perform a 
secondary search for users with the identified primaryGroupID using 
ldap.search.  I add the additional discovered users to the destination member 
list.  This is creating an incomplete sync because this secondary search is 
generating result sets larger than the default page size configured in AD and 
ldap.search is only returning the first page.


-- 
You have received this notification because you have either subscribed to it, 
or are involved in it.
To change your notification preferences, please click here: 
http://tools.lsc-project.org/my/account

_______________________________________________________________
Ldap Synchronization Connector (LSC) - http://lsc-project.org

lsc-dev mailing list
[email protected]
http://lists.lsc-project.org/listinfo/lsc-dev

Reply via email to