[Auth_ldap] LDAP searches too large?

Dave Carrigan dave at rudedog.org
Thu Jun 16 16:05:36 PDT 2005


On Thu, Jun 16, 2005 at 03:48:11PM -0700, Steven Hajducko wrote:

> I'm pretty much a complete neophyte to LDAP so although I know what OU
> and DN stand for, I'm not sure what the difference between the two is.

From a technical perspective, there really is no difference. They're
just labels.

> Dave should be able to answer on how deep the auth_ldap tool will search for
> samAccountName.  

This is not in auth_ldap's control. Auth_ldap asks the server to start a
search, starting at a particular spot in the tree and the server does
the rest, and then returns the result(s) (hopefully there's only one) to
auth_ldap.

It sounds like AD stops the search after it searches a certain
amount. As to why the command line works and auth_ldap doesn't, the
easiest way to determine that would be to try to figure out what
parameters the command line is setting compared to auth_ldap. There are
lots of parameters, such as alias dereferencing, size limit, time limit,
etc. auth_ldap doesn't explicitly set any of these parameters.

The best way to identify the differences would be to turn verbose
logging on at the server, which should log all of the parameters used in
the search. I know nothing about Active Directory, so I don't even know
if that's possible.

The second best way would be to run a protocol analyzer that understands
LDAP.

-- 
Dave Carrigan
Seattle, WA, USA
dave at rudedog.org | http://www.rudedog.org/ | ICQ:161669680
UNIX-Apache-Perl-Linux-Firewalls-LDAP-C-C++-DNS-PalmOS-PostgreSQL-MySQL
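
Added example, not part of the original message or of auth_ldap: a minimal decoder for the parameters a protocol analyzer would show in an LDAP SearchRequest (RFC 4511), used to diff the requests sent by two clients. The base DN, filter value and parameter values in the two sample requests are constructed for illustration and do not represent what auth_ldap or any command-line tool actually sends.

```python
# Added example: decode LDAP SearchRequest parameters (RFC 4511) and diff two requests.
SCOPE = {0: "base", 1: "one", 2: "sub"}
DEREF = {0: "never", 1: "searching", 2: "finding", 3: "always"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def parse_search_request(msg):
    """Decode the six fixed fields that precede the filter in a SearchRequest."""
    tag, body, _ = read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, _message_id, pos = read_tlv(body, 0)
    tag, req, _ = read_tlv(body, pos)
    if tag != 0x63:                        # [APPLICATION 3], constructed
        raise ValueError("not a SearchRequest")
    vals, pos = [], 0
    for _ in range(6):
        _, val, pos = read_tlv(req, pos)
        vals.append(val)
    num = lambda b: int.from_bytes(b, "big", signed=True)
    return {"baseObject": vals[0].decode(), "scope": SCOPE[num(vals[1])],
            "derefAliases": DEREF[num(vals[2])], "sizeLimit": num(vals[3]),
            "timeLimit": num(vals[4]), "typesOnly": vals[5] != b"\x00"}

def diff_params(msg_a, msg_b):
    a, b = parse_search_request(msg_a), parse_search_request(msg_b)
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

def tlv(tag, payload=b""):
    return bytes([tag, len(payload)]) + payload   # short form; samples are < 128 bytes

def sample(deref, size, time_limit):
    """Constructed request: subtree search for (sAMAccountName=jdoe)."""
    flt = tlv(0xA3, tlv(0x04, b"sAMAccountName") + tlv(0x04, b"jdoe"))
    req = (tlv(0x04, b"dc=example,dc=com") + tlv(0x0A, b"\x02") + tlv(0x0A, bytes([deref]))
           + tlv(0x02, bytes([size])) + tlv(0x02, bytes([time_limit])) + tlv(0x01, b"\x00")
           + flt + tlv(0x30))
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x63, req))

print(diff_params(sample(0, 0, 0), sample(3, 1, 10)))
```

A sizeLimit or timeLimit of 0 in the request means the client asks for no limit; the server can still apply its own.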