Forum: Ruby Re: Search-result referrals in Net::LDAP

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Berger, Daniel (Guest)
on 2006-05-31 02:20
(Received via mailing list)
>
> you try.
Would you blame a company that has, say, 40,000 employees for
implementing this?

> This is due to an "LDAP control" that A/D uses to
> prevent large queries. This has already been fixed in the
> HEAD revision of Net::LDAP.

Could you please elaborate on what you mean in this context by "fixed"?

Thanks,

Dan


This communication is the property of Qwest and may contain confidential
or
privileged information. Unauthorized use of this communication is
strictly
prohibited and may be unlawful.  If you have received this communication
in error, please immediately notify the sender by reply e-mail and
destroy
all copies of the communication and any attachments.
Francis C. (Guest)
on 2006-05-31 03:00
(Received via mailing list)
Dan, I think you're talking about the search-size limitation in A/D
rather
than the search-result referral issue.

A/D, for whatever reason, won't return more than 1000 search results in
one
shot. You'll hit this limitation if you use standard command-line LDAP
tools, or the native C++ libraries, or version 0.0.1 of Net::LDAP.
Microsoft
uses what LDAPv3 calls a "control," basically some extra-standard syntax
to
create what they call "paged requests." If you really have nothing
better to
do with your life, read RFC 2696 for the gory details (and note the
authors
of the RFC :-)). The current HEAD revision of Net::LDAP properly
supports
RFC 2696 so it transparently handles queries from A/D that have >1000
entries.

Considering that I run LDAP servers that regularly return a few hundred
thousand search-entries in one query, and take less than a second to do
so
while processing other queries simultaneously, you'd think Microsoft
would
be able to write a stronger directory server. But I guess they know
their
own capabilities better than I do.
This topic is locked and can not be replied to.