Forum: Ruby Re: Search-result referrals in Net::LDAP

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
Berger, Daniel (Guest)
on 2006-05-31 02:20
(Received via mailing list)
> you try.
Would you blame a company that has, say, 40,000 employees for
implementing this?

> This is due to an "LDAP control" that A/D uses to
> prevent large queries. This has already been fixed in the
> HEAD revision of Net::LDAP.

Could you please elaborate on what you mean in this context by "fixed"?



This communication is the property of Qwest and may contain confidential
privileged information. Unauthorized use of this communication is
prohibited and may be unlawful.  If you have received this communication
in error, please immediately notify the sender by reply e-mail and
all copies of the communication and any attachments.
Francis C. (Guest)
on 2006-05-31 03:00
(Received via mailing list)
Dan, I think you're talking about the search-size limitation in A/D
than the search-result referral issue.

A/D, for whatever reason, won't return more than 1000 search results in
shot. You'll hit this limitation if you use standard command-line LDAP
tools, or the native C++ libraries, or version 0.0.1 of Net::LDAP.
uses what LDAPv3 calls a "control," basically some extra-standard syntax
create what they call "paged requests." If you really have nothing
better to
do with your life, read RFC 2696 for the gory details (and note the
of the RFC :-)). The current HEAD revision of Net::LDAP properly
RFC 2696 so it transparently handles queries from A/D that have >1000

Considering that I run LDAP servers that regularly return a few hundred
thousand search-entries in one query, and take less than a second to do
while processing other queries simultaneously, you'd think Microsoft
be able to write a stronger directory server. But I guess they know
own capabilities better than I do.
This topic is locked and can not be replied to.