Howard Chu a écrit :
Vincent MATHIEU wrote:
I try to do a search in an openldap server. This search can return a large number of entries (> 30 000) ; the sizelimit parameter in slapd.conf is set to 2100.
I use Net::LDAP perl module, LDAP_CONTROL_PAGED control and a code like the example in paged.pm (http://search.cpan.org/~gbarr/perl-ldap/lib/Net/LDAP/Control/Paged.pm). I set size parameter of Net::LDAP::Control::Paged to 1000.
openldap return's 1000 entries with 2 first search call, but an error code 4 (Sizelimit exceeded) occurs in third search call :
Is it the normal behaviour ?
Yes. Using the page control doesn't change the overall size limit of the search request. (It's known that Microsoft Active Directory behaves differently here, but it's also clear that they are broken in this area. One among many things they do in violation of the specs.)
I use LDAP_CONTROL_PAGED for Active Directory searchs too, and I thought that openldap work like AD ...
How can I do to get all entries from ou people ?
Use an identity that has the privilege to use a larger sizelimit.
Fine ! It's the good method, I didn't know it. But I try to do it :
slapd.conf : sizelimit 2100 limits dn="cn=viewEntries,ou=system,dc=univ-nancy2,dc=fr" size=5100
logs ldap : conn=1 op=0 BIND dn="cn=viewEntries,ou=system,dc=univ-nancy2,dc=fr" method=128 conn=1 op=0 BIND dn="cn=viewEntries,ou=system,dc=univ-nancy2,dc=fr" mech=SIMPLE ssf=0 conn=1 op=0 RESULT tag=97 err=0 text= conn=1 op=1 SRCH base="ou=people,dc=univ-nancy2,dc=fr" scope=2 deref=2 filter="(objectClass=inetOrgPerson)" conn=1 op=1 SRCH attr=cn sn givenName mail conn=1 op=1 SEARCH RESULT tag=101 err=0 nentries=1000 text= conn=1 op=2 SRCH base="ou=people,dc=univ-nancy2,dc=fr" scope=2 deref=2 filter="(objectClass=inetOrgPerson)" conn=1 op=2 SRCH attr=cn sn givenName mail conn=1 op=2 SEARCH RESULT tag=101 err=0 nentries=1000 text= conn=1 op=3 SRCH base="ou=people,dc=univ-nancy2,dc=fr" scope=2 deref=2 filter="(objectClass=inetOrgPerson)" conn=1 op=3 SRCH attr=cn sn givenName mail conn=1 op=3 SEARCH RESULT tag=101 err=4 nentries=100 text=
dn viewEntries is limited to 2100 entries, and no 5100. Why ? openldap version is 2.3.19
Vincent