AD sizelimit
Deepak Giridharagopal
deepak at arlut.utexas.edu
Mon Apr 11 19:50:45 CEST 2005
On Tue, 2005-04-05 at 01:53 +0200, geert.van.muylem at utimaco.be wrote:
> I have an Active Directory with some 9000 users.
> How can I retrieve all users with ldap. I only get back 1000 entries
> (which is the page size of AD)
> I've tried to set the pagesize to 10000, but still the same result
I think that setting sizelimit to 10000 only sets a client-side limit on
the number of results to return. AD, however, imposes a server-side
limit of 1000, so that explains why the sizelimit argument you give has
no effect.
I've actually run into this, and there's 2 solutions I can think of:
1) Use the 'paged results' LDAP control (RFC 2696) to get your users in
chunks. This would require using a CVS build of python-ldap since
support for LDAP controls hasn't appeared in a release yet. I actually
haven't tried this approach yet, but I will be soon for a project at my
laboratory.
2) The quick fix: increase the pagesize on your AD server. Here's how:
http://support.microsoft.com/default.aspx?scid=kb;en-us;315071&sd=tech
Basically, you'll need to use ntdsutil.exe to modify the 'MaxPageSize'
attribute.
Cheers!
deepak
--
Deepak Giridharagopal
Applied Research Laboratories
University of Texas at Austin
More information about the python-ldap
mailing list