I'm trying to extract a list of the members of of a Global Group in AD.
It works for groups with a small number (hundreds) of members but not
for one with thousands. I don't even get the first few hundred of the
large group.
I've tried using LDAP_CONTROL_PAGED, but I think that it controls
paging of large numbers of objects rather than single objects with
large numbers of members.
I would welcome suggestions to get around this problem
Code snippet:
======================================================
use Net::LDAP;
use Net::LDAP::Control::Paged;
use Net::LDAP::Constant qw(LDAP_CONTROL_PAGED);
use Net::LDAP::Util qw(ldap_error_text ldap_error_name ldap_error_desc);
$ldap_server = "college.my.dom";
$bind_user = "myuser";
$bind_pass = "mypassword";
$ldap_base = "ou=Global Groups,dc=COLLEGE,dc=my,dc=dom";
$ldap = Net::LDAP->new($ldap_server, debug => 0 ) or die "$@";
$ldap->bind($bind_user,password=>$bind_pass) or die "$@";
$group="students";
my $page = Net::LDAP::Control::Paged->new(size => 500);
my $cookie;
my @args = (
base => $ldap_base,
filter => "(cn=$group)",
attr => "member",
callback => \&process_entry,
control => [ $page ] );
while ($results = $ldap->search(@args)) {
($conres) = $results->control(LDAP_CONTROL_PAGED);
$cookie = $conres->cookie or last;
warn "got cookie\n"; # I never get a cookie, because there's only one object?
$page->cookie($cookie);
};
sub process_entry {
my $mesg = shift;
my $entry = shift;
(warn "end of entry\n", return) unless $entry;
foreach ( $entry->get_value("member")) {
# process member
};
}
======================================================
Mike
