Dan, I think you're talking about the search-size limitation in A/D rather
than the search-result referral issue.

A/D, for whatever reason, won't return more than 1000 search results in one
shot. You'll hit this limitation if you use standard command-line LDAP
tools, or the native C++ libraries, or version 0.0.1 of Net::LDAP. Microsoft
uses what LDAPv3 calls a "control," basically some extra-standard syntax to
create what they call "paged requests." If you really have nothing better to
do with your life, read RFC 2696 for the gory details (and note the authors
of the RFC :-)). The current HEAD revision of Net::LDAP properly supports
RFC 2696 so it transparently handles queries from A/D that have >1000
entries.

Considering that I run LDAP servers that regularly return a few hundred
thousand search-entries in one query, and take less than a second to do so
while processing other queries simultaneously, you'd think Microsoft would
be able to write a stronger directory server. But I guess they know their
own capabilities better than I do.

On 5/30/06, Berger, Daniel <Daniel.Berger / qwest.com> wrote:
>
> > -----Original Message-----
> > From: Francis Cianfrocca [mailto:garbagecat10 / gmail.com]
> > Sent: Tuesday, May 30, 2006 4:16 PM
> > To: ruby-talk ML
> > Subject: Search-result referrals in Net::LDAP
> >
> >
> > All, I received an email from a gentleman who had a problem
> > using Net::LDAP (library at Rubyforge) to query an Active
> > Directory (A/D) server. He got the following error message:
> >
> > This happens because many A/D servers are configured to
> > return what LDAP calls "Search-result referrals"- an
> > additional LDAP URL that you are encouraged to query in order
> > to get additional relevant results. The Net::LDAP library was
> > not supporting this result-type. I'm in the process of adding
> > it in now and will produce a patch shortly. Has anyone else
> > encountered this problem?
> >
> > Another problem you are likely to see when querying A/D is
> > that you can't get back more than 1000 results no matter what
> > you try.
>
> Would you blame a company that has, say, 40,000 employees for
> implementing this?
>
> > This is due to an "LDAP control" that A/D uses to
> > prevent large queries. This has already been fixed in the
> > HEAD revision of Net::LDAP.
>
> Could you please elaborate on what you mean in this context by "fixed"?
>
> Thanks,
>
> Dan

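The paged-request mechanism described in the message above, as an added example that is not part of the original post and is not Net::LDAP's code: a mock directory that caps every response at 1000 entries, and a client that keeps sending the server's cookie back until it comes back empty. `MockDirectory`, `fetch_pages`, the BER helpers, the offset-based cookie and the entry names are all hypothetical and constructed for illustration.

```ruby
# Added example: constructed simulation of the RFC 2696 control value exchange.
def ber_tlv(tag, content)
  raise ArgumentError, "long-form BER length not handled" if content.bytesize > 127
  [tag, content.bytesize].pack("CC") + content
end
def ber_uint(n)
  bytes = []
  loop { bytes.unshift(n & 0xff); n >>= 8; break if n.zero? }
  bytes.unshift(0) if bytes.first >= 0x80 # keep the sign bit clear
  ber_tlv(0x02, bytes.pack("C*"))
end

# realSearchControlValue ::= SEQUENCE { size INTEGER, cookie OCTET STRING }
def encode_paged_value(size, cookie)
  ber_tlv(0x30, ber_uint(size) + ber_tlv(0x04, cookie.b))
end

def decode_paged_value(bytes)
  body = bytes.b
  int_len = body.getbyte(3).to_i
  at = 4 + int_len # position of the cookie's OCTET STRING tag
  tags = [body.getbyte(0), body.getbyte(2), body.getbyte(at)]
  raise ArgumentError, "not a paged-results value" unless tags == [0x30, 0x02, 0x04]
  size = body.byteslice(4, int_len).bytes.inject(0) { |acc, b| (acc << 8) | b }
  [size, body.byteslice(at + 2, body.getbyte(at + 1))]
end

# Mock server (assumption): the cookie is the next offset; real cookies are opaque.
SERVER_LIMIT = 1000
MockDirectory = Struct.new(:entries) do
  def search(control_value)
    size, cookie = decode_paged_value(control_value)
    offset = cookie.empty? ? 0 : cookie.to_i
    page = entries[offset, [size, SERVER_LIMIT].min] || []
    nxt = offset + page.size
    [page, encode_paged_value(0, nxt < entries.size ? nxt.to_s : "")]
  end
end

# Client loop: echo the server's cookie back until it comes back empty.
def fetch_pages(server, page_size)
  raise ArgumentError, "page_size must be positive" unless page_size.positive?
  pages, cookie = [], ""
  loop do
    page, response = server.search(encode_paged_value(page_size, cookie))
    pages << page
    cookie = decode_paged_value(response).last
    return pages if cookie.empty?
  end
end
```

A single request against a 2500-entry mock returns only the first 1000 entries; `fetch_pages` collects all of them in three round trips.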