Has anybody considered an "autopage" option for Net::LDAP? Sure would be nice to be able to do something like this:
$ldap = Net::LDAP->new( 'ldap.bigfoot.com', autopage => 500 ) or die "$@"; $ldap->search(... I may look at doing it myself if no one else is working on it. -----Original Message----- From: Don Miller [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 06, 2004 8:48 AM Cc: [EMAIL PROTECTED] Subject: Re: RE: Active Directory and LDAP sizelimit Here is a script with the jist of using a paged search. I chopped it up from something I am currently using so it does work. :) use Net::LDAP; use Net::LDAP::Control::Paged; use Net::LDAP::Constant qw(LDAP_CONTROL_PAGED); my $ad_ldap = Net::LDAP->new($ad_ldap_server, version => 3) or die "unable to co nnect to ad ldap: $@"; my $result = $ad_ldap->bind($ad_ldap_dn, password => $ad_ldap_password); die "error binding to ad ldap: ",$result->error if ($result->code); # AD requires paged searches to return more than 1000 objects my $page = Net::LDAP::Control::Paged->new(size => 500); my $cookie; my @args = ( 'base' => 'dc=microsoft,dc=local', 'filter' => '(&(objectclass=person)(!(objectclass=computer)))', 'attrs' => [ 'cn' ], 'control' => [ $page ], ); while ($ad_search = $ad_ldap->search(@args)) { # fatal on search error die "error searching ad ldap: ",$ad_search->error if ($ad_search->code); while (my $ad_user = $ad_search->shift_entry) { # handle next search page my ($resp) = $ad_search->control(LDAP_CONTROL_PAGED); $cookie = $resp->cookie or last; $page->cookie($cookie); } # be nice to the server and stop the search if we still have a cookie if ($cookie) { $page->cookie($cookie); $page->size(0); $ad_ldap->search(@args); } $ad_ldap->unbind; ----- Original Message ----- From: Rick Tatem <[EMAIL PROTECTED]> Date: Tuesday, July 6, 2004 6:19 am Subject: RE: Active Directory and LDAP sizelimit > The 1000 limit on the result set is due to the 'PageSize' limit. > A paged query should return them all (just not all at once... oh, > and provided that all the Ous are actually searchable by your > process). > I've not used it, but you should probably try > Net::LDAP::Control::Paged > http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP/Control/Paged.pm > > Rick > --- > Rick Tatem > > > -----Original Message----- > From: Jensen, John T [EMAIL PROTECTED] > Sent: Monday, July 05, 2004 10:38 PM > To: Johnson, Brian K; Jensen, John T; [EMAIL PROTECTED] > Subject: RE: Active Directory and LDAP sizelimit > > Thanks, Brian. I had finally got someone to point me to ntdsutil - > now I'm trying to make it work. The various on-line things from > Microsoft aren't that informative. But at least I now know where to > look. > > > > jj > > John Thayer Jensen, System Administrator Computing Service, School > of Business University of Auckland > > Room 256, 15 Wynyard Street > > voice: +64 9 373-7599 ext 87543 > FAX: +64 9 373-7696 > mobile: +64 21 049-7702 > quickdial: 60001 > > http://staff.business.auckland.ac.nz/~j.jensen > -----Original Message----- > From: Johnson, Brian K [EMAIL PROTECTED] > Sent: Tuesday, 6 July 2004 2:15 p.m. > To: Jensen, John T; [EMAIL PROTECTED] > Subject: RE: Active Directory and LDAP sizelimit > > Hi, > > Windows 2000 AD has a default limit of 1000. I THINK you can > change this with the ntdsutil.exe utility on a domain controller. > This utility can be used to examine and set LDAP parameters in AD. > I THINK that these settings are global for your entire forest. The > Q article: > http://support.microsoft.com/?kbid=271088 goes into detail as to > how to use this utility. > http://www.jsiinc.com/SUBJ/tip4600/rh4678.htm explains the units > of the various AD LDAP parameters. Also, Active Directory supports > paged searches....which is what I do to retrieve more than 1000 > objects. Using paged controls I routinely retrieve 20-30K objects > via a single query from my AD forest which has the default setting > of 1000 for MaxPageSize. > > > -----Original Message----- > From: Jensen, John T [EMAIL PROTECTED] > Sent: Monday, July 05, 2004 3:40 PM > To: [EMAIL PROTECTED] > Subject: Active Directory and LDAP sizelimit > > From: > > http://msdn.microsoft.com/library/default.asp?url=/library/en- > us/vbcon/html/vbtsksearchingactivedirectoryhierarchy.asp > > "The maximum number of entries to return by setting the SizeLimit > property. > Note If the maximum number of returned entries and TimeLimit > properties exceed limitations set on the server, the server > settings will override the component settings." > > If I set sizelimit in the Perl script to something LESS than 1000, > that works. I get the smaller number of returns. If I set it to > anything more, or to 0 (which is supposed to give unlimited > returns), I can only get 1000. > > I believe Perl and Net::LDAP are working properly. I think the > problem is this mysterious "limitations set on the server" that is > stopping me. > And I can't figure out how to change that. > > > > jj > > John Thayer Jensen, System Administrator Computing Service, School > of Business University of Auckland > > Room 256, 15 Wynyard Street > > voice: +64 9 373-7599 ext 87543 > FAX: +64 9 373-7696 > mobile: +64 21 049-7702 > quickdial: 60001 > > http://staff.business.auckland.ac.nz/~j.jensen > -----Original Message----- > From: Jensen, John T [EMAIL PROTECTED] > Sent: Tuesday, 6 July 2004 9:23 a.m. > To: [EMAIL PROTECTED] > Subject: RE: Scope=>'sub' not working?? > > Stranger and stranger. I just did a comparison of the two searches. > The top-down one gets 265 out of 651 objects in the OU. I am > beginning to suspect some limit on the number of returned objects > allowed. I seem to recall once hitting a 1000-object limit on AD LDAP > returns - which is killing for ADs of our size. > > > > jj > > John Thayer Jensen, System Administrator Computing Service, School > of Business University of Auckland > > Room 256, 15 Wynyard Street > > voice: +64 9 373-7599 ext 87543 > FAX: +64 9 373-7696 > mobile: +64 21 049-7702 > quickdial: 60001 > > http://staff.business.auckland.ac.nz/~j.jensen > -----Original Message----- > From: Jensen, John T > Sent: Tuesday, 6 July 2004 8:34 a.m. > To: [EMAIL PROTECTED] > Subject: Scope=>'sub' not working?? > > I'm trying to search the whole of our AD for computer objects > (using the Perl Net::LDAP module). I just put in as searchbase: > > my $searchbase='DC=com,DC=unet,DC=auckland,DC=ac,DC=nz'; > > Looking for computers so I put in: > > my $filter="(&(objectclass=User)(objectcategory=computer))"; > > I do a search: > > my > $results=$ad->search(base=>$searchbase,filter=>$filter,attrs=>$attrs); > > (scope=>'sub' is supposed to be the default, but I have also tried > with: > my > $results=$ad- > >search(base=>$searchbase,filter=>$filter,scope=>'sub',attrs=>$attrs); > > ) > > I don't get everything. If I put in a full OU: > > my $searchbase='OU=Staff Computers,OU=COM > Computers,DC=com,DC=unet,DC=auckland,DC=ac,DC=nz'; > I get objects under that OU. I haven't yet looked to see whether > my scope=>'sub' search gets some of those computers or not. But I > don't want to look under a particular OU; I want to look in the > whole AD - one of the things I am looking for is computers that > have got into the wrong location. > > > > jj > > John Thayer Jensen, System Administrator Computing Service, School > of Business University of Auckland > > Room 256, 15 Wynyard Street > > voice: +64 9 373-7599 ext 87543 > FAX: +64 9 373-7696 > mobile: +64 21 049-7702 > quickdial: 60001 > > http://staff.business.auckland.ac.nz/~j.jensen > > >
