Don,
Thanks for the response.
First of all you mentioned that if you don't specify a range and the
group contains more then 1000 users, $entry->get_value("member") will
return 'member;Range=0-999', however, in my case it doesn't appear to
return anything becuase when I loop through the @members, it is empty.
I tried using ('member;Range=0-*') and I still got nothing.
I played around with the Range and specified an upper limit like 0-100
and 100 of the users were returned. This method will work for this
script because I am simply trying to determine if a group is empty,
however, I may want the ability to return all members of a group,
regardless of how many members there are.
Thanks!
On 12/11/06, Don C. Miller <[EMAIL PROTECTED]> wrote:
Megan, I hope everything is going well for you. The trick for getting
this to work is to request the attribute 'member;Range=0-*' and then
get_value('member;Range=0-*'). This should work on a group any size
although I haven't tested on enormous groups. The 'Range' is case
sensitive when requesting the attr but not on get_value. By default if
the group has more than 1000 users, and you don't specify a range, it
will return 'member;Range=0-999'.
You can play with the range...but here is one thing to keep in mind. If
you use a value greater than the number of members it will return the
value as Range=0-*. For instance, if I have a group with 1025 members
here are the attributes I will get back:
'member' returns 'member;Range=0-999'
'member;Range=0-500' returns 'member;Range=0-500'
'member;Range=0-1500' returns 'member;Range=0-*' (1500 is greater than
the 1025 members)
'member;Range=0-*' returns 'member;Range=0-*'
Keep in mind you can use the dump method to output a quick "raw" view of
everything in the entry object.
Don
-----Original Message-----
From: Graham Barr [mailto:[EMAIL PROTECTED]
Sent: Monday, December 11, 2006 4:51 PM
To: [EMAIL PROTECTED]
Cc: Perl-LDAP Mailing List
Subject: Fwd: Net::LDAP search
Begin forwarded message:
> From: "Megan Kielman" <[EMAIL PROTECTED]>
> Date: December 11, 2006 5:41:02 PM CST
> Subject: Net::LDAP search
> Message-Id:
> <[EMAIL PROTECTED]>
>
> Graham,
>
> I hope it is ok that I am emailing you. Anyway, I am searching for
> groups in AD and writing the contents of the "member" attribute to a
> file. I have found there are cases when some groups are not returning
> the members, but when I look in AD, the group does in fact have
> members.
>
> One thing that is common amongst these groups is that when viewing
> them via ADUC, the members all have gray hair which according to MS
> means that the group contains more then 500 members.
>
> here is a sample of my code:
>
> my $ldap = Net::LDAPS->new($addr) or die "$@"; my $login =
> $ldap->bind($user, password=> $pass); my @srcargs1 = (
> base => $path,
> scope => "sub",
> filter => "(sAMAccountName=
> $group)",
> attrs => ['member', 'name',
> 'description', 'managedBy', 'createTimeStamp', 'modifyTimeStamp'],
> control => [ $page ],
> );
> $search = $ldap->search(@srcargs1);
> foreach $entry ($search->entries) {
> @members = $entry->get_value("member");
> unless (scalar(@members)) {
> &getempty($entry);
> $count++;
> }else{
> print "$group is not empty\n";
> }
> }
>
