Re: AD: partial answer for a multivalue attribute

[Durairaj K. Avasi]

Hello,

You can use page to get all the members ( i think thats the only option you have
... page size defined by the directory server.. )

here is the model code .. you can use..

#!/usr/bin/perl -w
use Net::LDAP;
use Net::LDAP::Control::Paged;
use Net::LDAP::Constant qw( LDAP_CONTROL_PAGED );

$ldap = Net::LDAP->new('ldap.dir.webdurai.com' ) or die "$@";

$ldap->bind ('cn=Avasi, cn=Durairaj',
              password=>'TestNow123!',
              version  => '3',
);

ouscan("o=AD");

$ldap->unbind();

#close OUT;

sub ouscan
{
        $base = shift @_;

        # print "\n$base\n";

        $page = Net::LDAP::Control::Paged->new( size => 1000 );

        @args = (
                base     => $base,
                scope    => "subtree",
                filter => 'objectClass=organizationalPerson',
                control  => [ $page ],
                attrs => ["distinguishedName"]
        );

        my $cookie;
        while(1) {
                # Perform search
                my $mesg = $ldap->search( @args );

                # Only continue on LDAP_SUCCESS
                if ($mesg->code)
                {
                        warn "ERROR - not LDAP_SUCCESS";
                        last;
                }

                # Get cookie from paged control
                my($resp)  = $mesg->control( LDAP_CONTROL_PAGED ) or last;
                $cookie    = $resp->cookie or last;

                # Set cookie in paged control
                $page->cookie($cookie);

                foreach $entry ($mesg->all_entries)
                {
                        print " Here he is " . 
$entry->get_value('distinguishedName');
                }
        }
        if ($cookie) {
                $page->cookie($cookie);
                $page->size(0);
                $ldap->search( @args );
        }
}

Have fun with it

Thanks and Kind regards
Durairaj K. Avasi



Quoting Hirmke Michael <[EMAIL PROTECTED]>:

> Hi *,
>
> using Net:LDAP 0.31 I wrote a script to retrieve Active Directory data.
> Especially I am interested in getting a list of members for all our
> groups.
> Problem is, a few of these groups have more than 3000 members. If I try
> to get the member attribute for one of them, the following attribute name
> is returned: "member;range=0-1499"; the according value then consists of
> exactly these 1499 members.
> I know how to check for an attribute with this range suffix, but I don't
> know how if there is an "official" method to handle it and I also don't
> know how to retrieve the remaining members with an additional search.
> Or perhaps there is some sort of parameter I can add to the first search
> to get all the members within one search call.
>
> Can anyone help me with this?
>
> TIA.
> Bye.
> Michael.
>


--
======================
Catch the mars if you can!!!