On Mar 30, 2010, at 6:37 AM, Michael McGovern wrote: > Thanks contributors, especially Don for the 'range=0-*' tip. That did > the trick. > > Also thanks to Graham Barr for the 'debug => 15' tip, which showed I > was getting the data back ok but not displaying it because the > attribute in get_value has to be something like > 'member;range=1000-1999' as opposed to 'member'
Just a thought, but as there is an option to get of alloptions => 1 which returns a hashref, I wonder if it would be useful to have ignoreoptions that would ignore everything after the ; If anyone want to write such a patch I would accept it. Graham. > > Mike > > > > > 2010/3/29 Miller, Don C. <d...@uidaho.edu>: >> The -limit option for dsquery deals with the paging not with attributes. >> There was discussion on this topic a few years back and you can request >> the attribute with an additional range argument 'member;Range=0-*'. >> Hopefully this will provide you with consistent results. You could also >> do your own member "paging" by changing the ranges until no members are >> returned. >> >> Don >> >> -----Original Message----- >> From: Spurrell Simon (KIDG 61) [mailto:simon.spurr...@credit-suisse.com] >> >> Sent: Monday, March 29, 2010 6:59 AM >> To: Prentice Bisbal; perl-ldap@perl.org >> Subject: RE: search for one object with thousands of members fails >> >> Yes I believe the AD does have a limit. >> >> I was using dsquery in the old days working in Exchange and AD. >> >> dsquery * domainroot -filter >> "(&(objectCategory=Person)(!objectClass=contact))" -limit 0 -attr name >> department displayName >> >> the "-limit 0" would make sure all attributes for all objects were >> returned. >> >> >> >> >> -----Original Message----- >> From: Prentice Bisbal [mailto:prent...@ias.edu] >> Sent: Monday, March 29, 2010 3:43 PM >> To: perl-ldap@perl.org >> Subject: Re: search for one object with thousands of members fails >> >> OpenLDAP, by default, limits the number of returned results to only 500, >> except for the admin user. Is it possible that AD has similar default >> limits? There should be some way to override that limit. Not sure if the >> line >> >> my $page = Net::LDAP::Control::Paged->new(size => 500) >> >> affects that limit. >> >> Prentice >> >> >> Michael McGovern wrote: >>> I'm trying to extract a list of the members of of a Global Group in >> AD. >>> It works for groups with a small number (hundreds) of members but not >>> for one with thousands. I don't even get the first few hundred of the >>> large group. >>> >>> I've tried using LDAP_CONTROL_PAGED, but I think that it controls >>> paging of large numbers of objects rather than single objects with >>> large numbers of members. >>> >>> I would welcome suggestions to get around this problem Code snippet: >>> ====================================================== >>> use Net::LDAP; >>> use Net::LDAP::Control::Paged; >>> use Net::LDAP::Constant qw(LDAP_CONTROL_PAGED); use Net::LDAP::Util >>> qw(ldap_error_text ldap_error_name >> ldap_error_desc); >>> $ldap_server = "college.my.dom"; >>> $bind_user = "myuser"; >>> $bind_pass = "mypassword"; >>> $ldap_base = "ou=Global Groups,dc=COLLEGE,dc=my,dc=dom"; >>> $ldap = Net::LDAP->new($ldap_server, debug => 0 ) or die "$@"; >>> $ldap->bind($bind_user,password=>$bind_pass) or die "$@"; >>> $group="students"; my $page = Net::LDAP::Control::Paged->new(size => >>> 500); my $cookie; my @args = ( >>> base => $ldap_base, >>> filter => "(cn=$group)", >>> attr => "member", >>> callback => \&process_entry, >>> control => [ $page ] ); >>> >>> while ($results = $ldap->search(@args)) { >>> ($conres) = $results->control(LDAP_CONTROL_PAGED); >>> $cookie = $conres->cookie or last; >>> warn "got cookie\n"; # I never get a cookie, because there's only >> one object? >>> $page->cookie($cookie); >>> }; >>> >>> sub process_entry { >>> my $mesg = shift; >>> my $entry = shift; >>> (warn "end of entry\n", return) unless $entry; >>> foreach ( $entry->get_value("member")) { >>> # process member >>> }; >>> } >>> ====================================================== >>> >>> >>> Mike >>> >> >> -- >> Prentice Bisbal >> Linux Software Support Specialist/System Administrator School of Natural >> Sciences Institute for Advanced Study Princeton, NJ >> >
