specifying range (i.e. member;range-501-601)

General Discussion about LDAP Administrator

Moderator: Support

specifying range (i.e. member;range-501-601)

Postby subsoniq » Wed Dec 22, 2004 1:39 am

I'm using LDAP Administrator 3.1 to try and view a group in Active Directory that has thousands of members, these are stored as a multi-valued attribute called member. Windows 2000 AD limits the number of values returned for a multi-valued attribute to 1000, if you need to look at more than that then you need to do several queries and specify a range value for each query (range=0-999, then range=1000-1999, etc). The question is how do I do this without having to write a script to dump it out?
subsoniq
 
Posts: 3
Joined: Wed Dec 22, 2004 1:32 am

Postby Support » Wed Dec 22, 2004 8:53 am

You have to activate and use a technology called Simple Paging. For details please turn to application help.

Help->LDAP Administrator Help->Browsing Directory->Managing Large Numbers of Entries

or read it online
Support
 
Posts: 896
Joined: Sun Aug 12, 2001 12:00 am

Postby Support » Wed Dec 22, 2004 9:01 am

Sorry, I didn't understand the question right.

As for big attributes fetching is concerned you can try using Directory Search feature and specify necessary range as an attribute option e.g. member;range-501-601. Unfortunately Directory Search feature is not designed to display a big number of values, but you can save search result to a file.
Support
 
Posts: 896
Joined: Sun Aug 12, 2001 12:00 am

Postby subsoniq » Wed Dec 22, 2004 6:42 pm

I'm talking about a group object (objectClass=group) with thousands of user objects as members. If you look at the group object it will return all the attributes, including the member attribute. The member attribute has multiple values and looks like this:

member CN=john doe,CN=Users,DC=acme,DC=com
member CN=jane doe,CN=Users,DC=acme,DC=com
member CN=jordan doe,CN=Users,DC=acme,DC=com


Some of our groups have thousands of members, but Windows 2000 AD has a built in limit on how many of these attribute values it will return in an LDAP query, only 1000 at a time. So the retruned query looks like this:

member;range=0-999 CN=john doe,CN=Users,DC=acme,DC=com
member;range=0-999 CN=jane doe,CN=Users,DC=acme,DC=com
member;range=0-999 CN=jordan doe,CN=Users,DC=acme,DC=com


Microsoft has an article covering this and discusess using "range=" in multiple queries so that you can get all of the members, and I was wondering how to do this with LDAP Administrator. I've tried turning on Simple Paging but it doesn't seem to work, it will page when it comes to retrieving a list of objects (say thousands of user & group objects under a container object such as OU), but it won't do this for attributes of an object.

And I have read your FAQ that discusses changing AD itself to return more than 1000 attributes but that is not an option, this is a very large organization and getting permission to make such a drastic change to the environment for something as simple as listing members of a group using an LDAP browser would never be approved.
subsoniq
 
Posts: 3
Joined: Wed Dec 22, 2004 1:32 am

Postby subsoniq » Wed Dec 22, 2004 6:50 pm

Support wrote:Sorry, I didn't understand the question right.

As for big attributes fetching is concerned you can try using Directory Search feature and specify necessary range as an attribute option e.g. member;range-501-601. Unfortunately Directory Search feature is not designed to display a big number of values, but you can save search result to a file.


Yes, but how do you do this? Where do you put the member;range=1000-1999? When I do directory search I get 3 fields to fill out, Search DN, Filter, and Attributes. How exactly would I phrase a search to set a range like this? I've tried lots of variations and nothing has worked, I either get the normal return, or I get an error.

For instance I've done this search:

Search DN: OU=Groups,DC=acme,DC=com
Filter: (&(objectclass=group)(CN=*large group name*)
Attributes: (member;range=1000-1999)


But but instead of getting a return back with member;range=1000-1999, listing members 1,001 through 2,000, I get back member;range=0-999, listing members 1 through 1,000.
subsoniq
 
Posts: 3
Joined: Wed Dec 22, 2004 1:32 am

Postby Support » Thu Dec 23, 2004 11:23 am

But but instead of getting a return back with member;range=1000-1999, listing members 1,001 through 2,000, I get back member;range=0-999, listing members 1 through 1,000.

Looks like we have a bug. We'll make an investigation and probably fix it for 3.2 which is scheduled to be released early February 2005.
Support
 
Posts: 896
Joined: Sun Aug 12, 2001 12:00 am

Postby yhyman » Mon Oct 24, 2005 3:59 pm

Support wrote:
But but instead of getting a return back with member;range=1000-1999, listing members 1,001 through 2,000, I get back member;range=0-999, listing members 1 through 1,000.

Looks like we have a bug. We'll make an investigation and probably fix it for 3.2 which is scheduled to be released early February 2005.

I'm having the same issue and I've upgraded to the latest version. How do I change the range?
yhyman
 
Posts: 2
Joined: Mon Oct 24, 2005 3:41 pm
Location: New York, NY

Postby yhyman » Tue Mar 27, 2007 9:03 pm

I'm still having this issue. Any updates?
yhyman
 
Posts: 2
Joined: Mon Oct 24, 2005 3:41 pm
Location: New York, NY

Postby Support » Thu Mar 29, 2007 8:04 am

This issue was fixed. I've checked it with the latest version (3.4). It returns the specified range correctly.
Attachments
range.PNG
range.PNG (30.44 KiB) Viewed 41444 times
Support
 
Posts: 896
Joined: Sun Aug 12, 2001 12:00 am


Return to General Discussion

Who is online

Users browsing this forum: No registered users and 1 guest

cron