Re: Search-result referrals in Net::LDAP


#1

you try.
Would you blame a company that has, say, 40,000 employees for
implementing this?

This is due to an “LDAP control” that A/D uses to
prevent large queries. This has already been fixed in the
HEAD revision of Net::LDAP.

Could you please elaborate on what you mean in this context by “fixed”?

Thanks,

Dan

This communication is the property of Qwest and may contain confidential
or
privileged information. Unauthorized use of this communication is
strictly
prohibited and may be unlawful. If you have received this communication
in error, please immediately notify the sender by reply e-mail and
destroy
all copies of the communication and any attachments.


#2

Dan, I think you’re talking about the search-size limitation in A/D
rather
than the search-result referral issue.

A/D, for whatever reason, won’t return more than 1000 search results in
one
shot. You’ll hit this limitation if you use standard command-line LDAP
tools, or the native C++ libraries, or version 0.0.1 of Net::LDAP.
Microsoft
uses what LDAPv3 calls a “control,” basically some extra-standard syntax
to
create what they call “paged requests.” If you really have nothing
better to
do with your life, read RFC 2696 for the gory details (and note the
authors
of the RFC :-)). The current HEAD revision of Net::LDAP properly
supports
RFC 2696 so it transparently handles queries from A/D that have >1000
entries.

Considering that I run LDAP servers that regularly return a few hundred
thousand search-entries in one query, and take less than a second to do
so
while processing other queries simultaneously, you’d think Microsoft
would
be able to write a stronger directory server. But I guess they know
their
own capabilities better than I do.