Hi there
I'm wanting to use slapd as a "LAF" - LDAP Application Firewall - to filter and log calls to our backend Active Directory LDAP network.
I've just slapd doing the job just fine - except that it can't return large LDAP data dumps... If I use "ldapsearch -E pr=900/noprompt" directly against an AD LDAP server, I can get it to dump everything. However, if I do the same command against a slapd proxy, I get the "size exceeded" error message. It appears slapd doesn't understand this extension, and isn't passing it on to the backend?
Any ideas how I could get around this, besides saying we need to touch our AD to get rid of the size limit (I've already thought of that :-)
Thanks
Jason
Jason Haar wrote:
> Hi there
> I'm wanting to use slapd as a "LAF" - LDAP Application Firewall - to filter and log calls to our backend Active Directory LDAP network.
> I've just slapd doing the job just fine - except that it can't return large LDAP data dumps... If I use "ldapsearch -E pr=900/noprompt" directly against an AD LDAP server, I can get it to dump everything. However, if I do the same command against a slapd proxy, I get the "size exceeded" error message. It appears slapd doesn't understand this extension, and isn't passing it on to the backend?
slapd understands the pagedResults extension just fine. Microsoft's implementation is broken, and the behavior you're trying to take advantage of is a bug in their server.
> Any ideas how I could get around this, besides saying we need to touch our AD to get rid of the size limit (I've already thought of that :-)
That would be the correct thing to do.
openldap-technical@openldap.org