Increase limit from 1000?

Published 2019-03-22 06:01

Question:

When I do a search like so

my $mesg = $ldap->search(
  base   => "OU=test,DC=example,DC=com",
  scope  => 'one',
  filter => '(objectClass=organizationalPerson)',
  attrs  => ['distinguishedName', 'displayName', 'sAMAccountName', 'employeeID'],
);

I only get 1000 entries, where I would expect ~20000.

Is it possible to increase this limit in my Perl script, or does it have to be changed on the server?

Answer 1:

The solution is to use paged search like so

use Net::LDAP;
use Net::LDAP::Control::Paged;
use Net::LDAP::Constant qw( LDAP_CONTROL_PAGED );

my $page = Net::LDAP::Control::Paged->new(size => 999);
my $cookie;
my $mesg;

while (1) {
    # Run the search with the paged-results control attached
    $mesg = $ldap->search(
        base    => "OU=test,DC=example,DC=com",
        scope   => 'one',
        filter  => '(objectClass=organizationalPerson)',
        attrs   => ['distinguishedName', 'displayName', 'sAMAccountName', 'employeeID'],
        control => [$page],
    );

    $mesg->code && die "Error on search: $@ : " . $mesg->error;
    while (my $adentry = $mesg->pop_entry()) {
        # process $adentry
    }

    # Fetch the paged-results response control; stop if the server sent none
    my ($resp) = $mesg->control(LDAP_CONTROL_PAGED) or last;
    # An empty cookie means this was the last page
    $cookie    = $resp->cookie or last;
    # Send the cookie back with the next request to get the next page
    $page->cookie($cookie);
}

if ($cookie) {
    print "abnormal exit\n";
    # Abnormal exit, so let the server know we do not want any more
    $page->cookie($cookie);
    $page->size(0);
    $ldap->search(control => [$page]);
}


Answer 2:

AD by default sets the maximum page size to 1000. The client will receive the first 1000 results and will also receive a "Size Limit Exceeded" error.

To avoid this, the client has to use the paged control. If the paged control is used, the server will not return an error but will instead send a cookie (a byte) to indicate that more results are available. If no cookie is returned, there are no more results. So you can keep looping over the results until the cookie is null.

You can also modify MaxPageSize on the server if you want; start ntdsutil and type the following:

ldap policies
connections
connect to server servername.domain.name
q
set maxpagesize to 5000
commit changes
q
q

This is mostly done if the client does not support paging and the client can not be modified.
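
The exchange described in Answer 2, as an added example that is not part of the original answers: a constructed in-memory simulation showing the unpaged search cut off with result code 4 (sizeLimitExceeded) and the paged loop following cookies until the server returns an empty one. The `ToyServer` class, the `fetch_all` helper and the cookie format are hypothetical, and no real directory is contacted.

```python
# Constructed simulation of the paged-results exchange; not a real LDAP client or server.
SUCCESS, SIZE_LIMIT_EXCEEDED = 0, 4   # LDAP result codes

class ToyServer:
    """Hypothetical server with a MaxPageSize-style cap (1000 by default, as in the answer)."""
    def __init__(self, entries, max_page_size=1000):
        self.entries, self.max_page_size = entries, max_page_size
        self.cursors = {}     # cookie -> offset of the next entry to return
        self.issued = 0

    def search(self, page_size=None, cookie=b""):
        """Return (result_code, entries, cookie); cookie is None without paged control."""
        if page_size is None:                       # plain search: truncated at the cap
            batch = self.entries[:self.max_page_size]
            over = len(self.entries) > self.max_page_size
            return (SIZE_LIMIT_EXCEEDED if over else SUCCESS), batch, None
        # An unknown cookie raises KeyError instead of silently restarting at 0.
        offset = self.cursors.pop(cookie) if cookie else 0
        if page_size == 0:                          # client abandons the paged search
            return SUCCESS, [], b""
        batch = self.entries[offset:offset + min(page_size, self.max_page_size)]
        offset += len(batch)
        if offset >= len(self.entries):             # last page: empty cookie
            return SUCCESS, batch, b""
        self.issued += 1
        new_cookie = b"cursor-%d" % self.issued     # opaque to the client
        self.cursors[new_cookie] = offset
        return SUCCESS, batch, new_cookie

def fetch_all(server, page_size=999):
    """Client loop: resend the server's cookie until it comes back empty."""
    results, cookie, round_trips = [], b"", 0
    while True:
        code, batch, cookie = server.search(page_size=page_size, cookie=cookie)
        round_trips += 1
        if code != SUCCESS:
            raise RuntimeError(f"search failed with result code {code}")
        results.extend(batch)
        if not cookie:
            return results, round_trips

if __name__ == "__main__":
    directory = [f"CN=user{i},OU=test,DC=example,DC=com" for i in range(20000)]  # constructed
    code, batch, _ = ToyServer(directory).search()
    print("unpaged:", code, len(batch))
    entries, trips = fetch_all(ToyServer(directory))
    print("paged:", len(entries), "entries in", trips, "round trips")
```

In this model, asking for a page larger than the cap still yields at most 1000 entries per round trip, and a request with size 0 and the current cookie releases the server-side cursor.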



Answer 3:

You don't specify the module that you are using for the LDAP search. By the way, the 'sizelimit' key can be used for it, but by default it is not limited. This can be a server-side limit configuration.