[python-ldap] Processing large ldif group exports from AD
Michael Ströder
michael at stroeder.com
Fri Jun 7 10:58:16 CEST 2013
Joseph L. Casale wrote:
> Seems there is some limitation in exporting large groups with ldifde.exe as after a certain size
> the group entry is split away from its multiple member entries into a add type modlist which
> presents an issue to parse.
>
> Anyone encountered this and have a solution?
In its default configuration AD won't return more than 1000 member values in
LDAP search results.
MS introduced a proprietary mechanism for retrieving more values using kind of
sub-types:
http://ietfreport.isoc.org/idref/draft-kashi-incremental/
Not sure whether ldif.exe supports it. You can also tweak this limit in NTDS
LDAP policy. Consult MS docs for more information about that.
python-ad claims to support draft-kashi-incremental-00.txt:
https://code.google.com/p/python-ad/
Never used it myself though.
Ciao, Michael.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2398 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.python.org/pipermail/python-ldap/attachments/20130607/987702ca/attachment.bin>
More information about the python-ldap
mailing list