> > you try. Would you blame a company that has, say, 40,000 employees for implementing this? > This is due to an "LDAP control" that A/D uses to > prevent large queries. This has already been fixed in the > HEAD revision of Net::LDAP. Could you please elaborate on what you mean in this context by "fixed"? Thanks, Dan This communication is the property of Qwest and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.
on 2006-05-31 02:20
on 2006-05-31 03:00
Dan, I think you're talking about the search-size limitation in A/D rather than the search-result referral issue. A/D, for whatever reason, won't return more than 1000 search results in one shot. You'll hit this limitation if you use standard command-line LDAP tools, or the native C++ libraries, or version 0.0.1 of Net::LDAP. Microsoft uses what LDAPv3 calls a "control," basically some extra-standard syntax to create what they call "paged requests." If you really have nothing better to do with your life, read RFC 2696 for the gory details (and note the authors of the RFC :-)). The current HEAD revision of Net::LDAP properly supports RFC 2696 so it transparently handles queries from A/D that have >1000 entries. Considering that I run LDAP servers that regularly return a few hundred thousand search-entries in one query, and take less than a second to do so while processing other queries simultaneously, you'd think Microsoft would be able to write a stronger directory server. But I guess they know their own capabilities better than I do.