[Auth_ldap] LDAP searches too large?
McAllister, Andrew
McAllisterA at umsystem.edu
Thu Jun 16 12:24:18 PDT 2005
I don't think too large is a problem.
Our AuthLDAPUrl is
ldaps://ourglobalcatalog.domain.edu:3269/dc=edu?samAccountName?sub?(objectClass=*)
Now that's generic. We have 5 domains in our forest and roughly 77,000
users.
In your search you are providing the samAccountName, which should only
ever return one row (hopefully you don't allow duplicates across
multiple domains). So the result set should still always be just one
row.
I suspect that in fact you are running up against some sort of
structural problem where Active Directory doesn't put samAccountName
data in the tree at your level and that the "sub" search isn't finding
it at lower levels because of some depth limit. You might have to query
the global catalog like we do, where if I recall correctly the tree is
flattened out.
Andy
> -----Original Message-----
> From: auth_ldap-bounces at rudedog.org
> [mailto:auth_ldap-bounces at rudedog.org] On Behalf Of Steven Hajducko
> Sent: Thursday, June 16, 2005 11:35 AM
> To: 'auth_ldap at rudedog.org'
> Subject: [Auth_ldap] LDAP searches too large?
>
> We're having an issue when dealing with too large of a
> search, it seems.
>
> When we issue the search -
>
> ldap://corpdc.corp.ad.diginsite.com/ou=users,ou=corporate,dc=corp,dc=ad,dc=diginsite,dc=com?sAMAccountName?sub?(objectClass=user)
>
> Everything works fine.
>
> When we increase the broadness of the search with the following
> URL, Apache fails to process:
>
> ldap://corpdc.corp.ad.diginsite.com/dc=corp,dc=ad,dc=diginsite,dc=com?sAMAccountName?sub?(objectClass=user)
snip
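
The two broad AuthLDAPUrl values from this thread, taken apart and turned into the per-login search filter, as an added Python example that is not part of the original message or of mod_auth_ldap's code. The function names and usernames are made up for illustration; the defaults (uid, sub, (objectClass=*)) and the (&(filter)(attribute=username)) combination follow the Apache LDAP authentication module documentation, and the value escaping follows RFC 4515.

```python
from urllib.parse import urlsplit, unquote

GC_PORTS = {3268, 3269}  # Active Directory global catalog ports (LDAP, LDAPS)
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

def parse_auth_ldap_url(url):
    """Split ldap[s]://host:port/basedn?attribute?scope?filter into fields."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORT:
        raise ValueError("not an LDAP URL: " + url)
    # The query holds up to three '?'-separated fields; missing ones are empty.
    attr, scope, flt = (parts.query.split("?", 2) + ["", "", ""])[:3]
    port = parts.port or DEFAULT_PORT[parts.scheme]
    return {
        "tls": parts.scheme == "ldaps",      # False means cleartext bind/search
        "host": parts.hostname,
        "port": port,
        "global_catalog": port in GC_PORTS,  # forest-wide search, as Andy uses
        "base_dn": unquote(parts.path.lstrip("/")),
        "attribute": unquote(attr) or "uid",          # documented default
        "scope": (unquote(scope) or "sub").lower(),   # documented default
        "filter": unquote(flt) or "(objectClass=*)",  # documented default
    }

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch
                   for ch in value)

def login_filter(cfg, username):
    """AND the URL filter with attribute=username; one account should match."""
    flt = cfg["filter"]
    if not flt.startswith("("):
        flt = "(" + flt + ")"
    return "(&%s(%s=%s))" % (flt, cfg["attribute"],
                             escape_filter_value(username))

if __name__ == "__main__":
    urls = (  # both URLs are the ones quoted in the thread
        "ldaps://ourglobalcatalog.domain.edu:3269/dc=edu"
        "?samAccountName?sub?(objectClass=*)",
        "ldap://corpdc.corp.ad.diginsite.com/dc=corp,dc=ad,dc=diginsite,dc=com"
        "?sAMAccountName?sub?(objectClass=user)",
    )
    for url in urls:
        cfg = parse_auth_ldap_url(url)
        print(cfg)
        print(login_filter(cfg, "jdoe"))   # constructed username
        print(login_filter(cfg, "j*)(x"))  # constructed input with wildcards
```

The escaping step is what keeps the "one row per samAccountName" assumption true when the supplied username contains filter metacharacters such as * or parentheses.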