Yep, I spaced, it is indeed 1000 by default on both systems. See note where Tony pointed out my mistake as well.
I agree to both points 1 and 2 as well as the RFC comment. Unfortunately the RFC is the best attempt at standardization. As more and more vendors pick up on it, it becomes de facto standard. As Eric pointed out to this list previously, apps that do not handle paging or value ranging are actually dangerous in that they don't scale and probably won't even be aware that they are missing values regardless of what the limits are set to. Every system has to have some limit, no system has infinite resources. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, September 23, 2005 5:11 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] LDAP search limitations Thanks to those who responded and sorry for any confusion caused by using the number 1024 and not 1000 :) This article http://support.microsoft.com/default.aspx?scid=kb;en-us;315071&sd=tech implies that the pagelimit is 1000 in 2k (and 2k3), but the valuerange is 1000 (1500 in 2k3). I was asking about the pagelimit which determines the number of objects returned and not valuerange, which determines the number of values returned per attribute. The question stemmed from the fact that: 1. some ppl are not used to such limits being imposed by other LDAP implementations 2. various LDAP clients/browsers do not support paging or VLV. Deji quoted a RFC regarding paging, but as we all know, RFCs are guidelines and not standards. I don't believe that all clients have adopted paging since as I state above, not all LDAP implementations require it. I do however, appreciate that AD is not just an LDAP repository nor is it just a database. There is a need therefore, to "throttle" searches so that other operations are not jeopardised. Thanks again, neil -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of joe Sent: 22 September 2005 19:44 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] LDAP search limitations The limit is 1000 on 2K and 1500 on K3/ADAM. These values can be tweaked. The general purpose reason is to conserve resources on the LDAP server. Consider result sets have to be pulled into memory to be encoded to send back to clients. If you have lots and lots of simultaneous queries with huge resultsets you could quickly cause harm to an LDAP server as it runs low on resources. As to why MS did it and others didn't. Possibly the others are not thinking properly about large scale or heavily loaded implementations. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, September 22, 2005 12:31 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] LDAP search limitations Apologies for asking this question, since it's been posed before (?), but can anyone offer me a brief description of why AD only returns (by default) 1024 entries when an LDAP search is performed? Is it a question of performance? Why is the searcher not offered all records that meet the search criteria? Questions have arisen as to why MS implemented a limit since (apparently), other LDAP implementations do not enforce these limits. thanks, neil --------------------------------------- Neil Ruston Nomura International Plc Tel: 020 7521 3481 [EMAIL PROTECTED] PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ PLEASE READ: The information contained in this email is confidential and intended for the named recipient(s) only. If you are not an intended recipient of this email please notify the sender immediately and delete your copy from your system. You must not copy, distribute or take any further action in reliance on it. Email is not a secure method of communication and Nomura International plc ('NIplc') will not, to the extent permitted by law, accept responsibility or liability for (a) the accuracy or completeness of, or (b) the presence of any virus, worm or similar malicious or disabling code in, this message or any attachment(s) to it. If verification of this email is sought then please request a hard copy. Unless otherwise stated this email: (1) is not, and should not be treated or relied upon as, investment research; (2) contains views or opinions that are solely those of the author and do not necessarily represent those of NIplc; (3) is intended for informational purposes only and is not a recommendation, solicitation or offer to buy or sell securities or related financial instruments. NIplc does not provide investment services to private customers. Authorised and regulated by the Financial Services Authority. Registered in England no. 1550505 VAT No. 447 2492 35. Registered Office: 1 St Martin's-le-Grand, London, EC1A 4NP. A member of the Nomura group of companies. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
