Re: AD sizelimit

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

On Tue, 2005-04-05 at 01:53 +0200, gee...@ut... wrote:
> I have an Active Directory with some 9000 users. 
> How can I retrieve all users with ldap. I only get back 1000 entries
> (which is the page size of AD) 
> I've tried to set the pagesize to 10000, but still the same result 

I think that setting sizelimit to 10000 only sets a client-side limit on
the number of results to return. AD, however, imposes a server-side
limit of 1000, so that explains why the sizelimit argument you give has
no effect.

I've actually run into this, and there's 2 solutions I can think of:

1) Use the 'paged results' LDAP control (RFC 2696) to get your users in
chunks. This would require using a CVS build of python-ldap since
support for LDAP controls hasn't appeared in a release yet. I actually
haven't tried this approach yet, but I will be soon for a project at my
laboratory.

2) The quick fix: increase the pagesize on your AD server. Here's how:
http://support.microsoft.com/default.aspx?scid=kb;en-us;315071&sd=tech

Basically, you'll need to use ntdsutil.exe to modify the 'MaxPageSize'
attribute.

Cheers!
deepak

--
Deepak Giridharagopal
Applied Research Laboratories
University of Texas at Austin