Folks,
I finally found the problem after much frustration --> Solaris. Once
I tried the same query on Linux and was able to retrieve >1000 entries
I figured the problem was with the ldap client on Solaris.
Looking in the logs, Solaris was using paged results from back-bdb.
When doing an ldap query that consults nss_ldap such as "finger",
libsldap.so is hard-coded with a LISTPAGESIZE of 1000 (see
http://cvs.opensolaris.org/source/xref/usr/src/lib/libsldap/common/ns_in
ternal.h). I grabbed source for libldap from openSolaris.org,
increased the pagesize limit, and hacked it so it would work on Solaris
9 and lo and behold it worked -- I was able to to retrieve >1000
entries.
However, I didn't feel comfortable putting my hacked libraries on
production Solaris servers so I stripped all the pagedresults controls
from back-bdb/search.c and this worked, too, with default Solaris.
This is how I'm going to leave the system for now.
Is it possible to request greater freedom over these controls (e.g.,
pagedresults) in a future version of openldap?