[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ldap_get_values returns NULL when attribute got more then 1000 values.
Hagai Yaffe writes:
> After a little snooping around I have discovered that for a user who
> is member off more then a 1000 groups the Active Directory server
> sends only a 1000 groups, it also sends an header to inform the client
> of this, the header looks like this :
>
> .memberOf1.....0.......memberOf;range=0-999
There are no 'headers' in the LDAP protocol. If you mean AD sends an
attribute with that attribute description, or with attribute description
ending with ";range" and a value of "0-999", that is an AD bug. The
attribute description (attribute type;option;option...) must start with
a letter or a digit, among other things. And it can only contain
periods when the attribute type is a sequence of integers separated by
single periods. See rfc2251 section 4.1.4 - 4.1.5.
--
Hallvard