[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: sizelimit doesn't seem to be reflected into "ldap" backends?

To: Jason Haar <Jason.Haar@trimble.co.nz>
Subject: Re: sizelimit doesn't seem to be reflected into "ldap" backends?
From: Howard Chu <hyc@symas.com>
Date: Fri, 05 Feb 2010 20:30:11 -0800
Cc: openldap-technical@openldap.org
In-reply-to: <4B6C9362.2080008@trimble.co.nz>
References: <4B6C9362.2080008@trimble.co.nz>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; rv:1.9.3a1pre) Gecko/20100131 SeaMonkey/2.0a1pre Firefox/3.0.3

Jason Haar wrote:

Hi there

I'm wanting to use slapd as a "LAF" - LDAP Application Firewall - to
filter and log calls to our backend Active Directory LDAP network.

I've just slapd doing the job just fine - except that it can't return
large LDAP data dumps... If I use "ldapsearch -E pr=900/noprompt"
directly against an AD LDAP server, I can get it to dump everything.
However, if I do the same command against a slapd proxy, I get the "size
exceeded" error message. It appears slapd doesn't understand this
extension, and isn't passing it on to the backend?

slapd understands the pagedResults extension just fine, Microsoft'simplementation is broken and the behavior you're trying to take advantage ofis a bug in their server.

Any ideas how I could get around this, besides saying we need to touch
our AD to get rid of the size limit (I've already thought of that :-)


That would be the correct thing to do.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- sizelimit doesn't seem to be reflected into "ldap" backends?
  - From: Jason Haar <Jason.Haar@trimble.co.nz>

Prev by Date: sizelimit doesn't seem to be reflected into "ldap" backends?
Next by Date: Re: memberOf configured via directory based model
Index(es):
- Chronological
- Thread