Yes, I believe the AD does have a limit. I was using dsquery in the old days working in Exchange and AD.

dsquery * domainroot -filter "(&(objectCategory=Person)(!objectClass=contact))" -limit 0 -attr name department displayName

The "-limit 0" would make sure all attributes for all objects were returned.

-----Original Message-----
From: Prentice Bisbal [mailto:prent...@ias.edu]
Sent: Monday, March 29, 2010 3:43 PM
To: perl-ldap@perl.org
Subject: Re: search for one object with thousands of members fails

OpenLDAP, by default, limits the number of returned results to only 500,
except for the admin user. Is it possible that AD has similar default
limits? There should be some way to override that limit. Not sure if the
line

    my $page = Net::LDAP::Control::Paged->new(size => 500)

affects that limit.

Prentice

Michael McGovern wrote:
> I'm trying to extract a list of the members of a Global Group in AD.
> It works for groups with a small number (hundreds) of members but not
> for one with thousands. I don't even get the first few hundred of the
> large group.
>
> I've tried using LDAP_CONTROL_PAGED, but I think that it controls
> paging of large numbers of objects rather than single objects with
> large numbers of members.
>
> I would welcome suggestions to get around this problem
>
> Code snippet:
> ======================================================
> use Net::LDAP;
> use Net::LDAP::Control::Paged;
> use Net::LDAP::Constant qw(LDAP_CONTROL_PAGED);
> use Net::LDAP::Util qw(ldap_error_text ldap_error_name ldap_error_desc);
>
> $ldap_server = "college.my.dom";
> $bind_user = "myuser";
> $bind_pass = "mypassword";
> $ldap_base = "ou=Global Groups,dc=COLLEGE,dc=my,dc=dom";
>
> $ldap = Net::LDAP->new($ldap_server, debug => 0 ) or die "$@";
> $ldap->bind($bind_user,password=>$bind_pass) or die "$@";
>
> $group="students";
> my $page = Net::LDAP::Control::Paged->new(size => 500);
> my $cookie;
> my @args = (
>     base => $ldap_base,
>     filter => "(cn=$group)",
>     attrs => [ "member" ],    # Net::LDAP's option is "attrs" and takes an array ref
>     callback => \&process_entry,
>     control => [ $page ] );
>
> while ($results = $ldap->search(@args)) {
>     ($conres) = $results->control(LDAP_CONTROL_PAGED);
>     $cookie = $conres->cookie or last;
>     warn "got cookie\n"; # I never get a cookie, because there's only one object?
>     $page->cookie($cookie);
> };
>
> sub process_entry {
>     my $mesg = shift;
>     my $entry = shift;
>     (warn "end of entry\n", return) unless $entry;
>     foreach ( $entry->get_value("member")) {
>         # process member
>     };
> }
> ======================================================
>
>
> Mike
>

--
Prentice Bisbal
Linux Software Support Specialist/System Administrator
School of Natural Sciences
Institute for Advanced Study
Princeton, NJ
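
Added example, not part of the original thread and not code from any of the posters: the paged-results control limits how many entries come back per page, while Active Directory separately caps how many values of one attribute it returns per response (the MaxValRange LDAP policy, 1500 by default on Windows Server 2003 and later) and hands out the rest through range retrieval. The sketch below reads a large group's `member` attribute slice by slice; the function name `fetch_all_values` and the environment variables AD_HOST, AD_USER, AD_PASS and GROUP_DN are assumptions made for this example.

```perl
use strict;
use warnings;
use Net::LDAP;

# Collect every value of a multi-valued AD attribute via range retrieval.
# AD names each slice in the reply, e.g. "member;range=0-1499"; the final
# slice ends in "-*", e.g. "member;range=3000-*".
sub fetch_all_values {
    my ($ldap, $dn, $attr) = @_;
    my (@values, $start);
    $start = 0;
    while (1) {
        my $mesg = $ldap->search(
            base   => $dn,
            scope  => 'base',                    # read the one group object
            filter => '(objectClass=*)',
            attrs  => ["$attr;range=$start-*"],  # ask for "everything from $start"
        );
        die 'search failed: ' . $mesg->error if $mesg->code;
        my $entry = $mesg->entry(0) or last;

        # The server decides the slice size; read it back from the attribute name.
        my ($slice) = grep { /^\Q$attr\E;range=\d+-(?:\d+|\*)$/i } $entry->attributes;
        unless ($slice) {
            # No ranged name in the reply: take whatever came back under the plain name.
            push @values, $entry->get_value($attr);
            last;
        }
        push @values, $entry->get_value($slice);
        my ($end) = $slice =~ /-(\d+|\*)$/;
        last if $end eq '*';                     # last slice reached
        $start = $end + 1;
    }
    return @values;
}

# Connection details are placeholders read from the environment (assumption).
unless (caller) {
    my $ldap = Net::LDAP->new($ENV{AD_HOST}) or die "connect: $@";
    my $bind = $ldap->bind($ENV{AD_USER}, password => $ENV{AD_PASS});
    die 'bind failed: ' . $bind->error if $bind->code;  # bind returns a message object
    my @members = fetch_all_values($ldap, $ENV{GROUP_DN}, 'member');
    printf "%d members\n", scalar @members;
    $ldap->unbind;
}
```

Because the loop takes the end of each slice from the server's reply, it keeps working if an administrator has changed MaxValRange from its default.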