Title: Message
LMAO!
 
A company that I previously worked for implemented SameTime about 4 or so years ago against a Windows 2000 forest. I can absolutely assure you that neither the page size nor the attribute range retrieval size was ever modified; I would have laughed at the person requesting it. 100,000 wouldn't have been enough to increase it to.
 
I do not know the details of how it was implemented other than all of the distribution lists for the users were maintained in an application domain and were non-security enabled domain local groups and users from the account domains were placed into them. That was the only thing they really ever asked me about. They had no access to userids in the account domains other than standard user access rights to look at them.
 
There honestly is no reason for this out of someone like IBM. This isn't new technology any more and people have been integrating this stuff for a while.
 
 
   joe
 
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 
 
 


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fugleberg, David A
Sent: Thursday, February 02, 2006 12:48 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Lotus Sametime and LDAP access to AD

Has anyone on the list ever run into this? A systems integrator I know told me that they were trying to integrate Lotus SameTime with AD as part of an enterprise portal configuration. Apparently SameTime can authenticate using LDAP binds and also grab user information which SameTime uses for its configuration.
 
Anyhow, it chokes when it tries to retrieve the user information.  Apparently, they try to query on all users within the specified scope, but without using the LDAP paging control.  The integrator sent me this URL to the technote published by IBM on the subject

http://www.ibm.com/support/docview.wss?rs=899&uid=swg21090028  

From the referenced technote:

Currently, Sametime must pull all users from the LDAP server and will reach the limit set on the LDAP server, if a limit is set to be lower than the amount of users that Sametime can search for.

And then this little gem:
The following can resolve the error on an Active Directory server:

  • In Active Directory, go to a command line and type:

    ntdsutil
    ldap policies
    connections
    connect to server <local server name>
    set creds <local domain name> administrator <admin password>
    quit
    show values
    set MaxPageSize to 100000
    commit changes

    Note If the amount of users/groups on the AD server is larger than 100,000, the MaxPageSize value should be set higher.
     
When I regained my composure, I replied with a note to the effect that there is absolutely no way I would advocate opening that throttle by a factor of 100 (or more!).  There have been numerous threads on this list about MaxPageSize, usually ending with a pronouncement from ~Eric or joe saying "Just don't do it - use LDAP paging".
 
I'm just curious if anyone else has run into this with SameTime, and also whether Microsoft has directly addressed this kind of advice from IBM or anyone else. 
 
Dave
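
The LDAP paging the message above points to as the alternative to raising MaxPageSize, sketched as an added example that is not part of the original thread or the IBM technote: it encodes the RFC 2696 paged results control value and walks a directory page by page with the server limit left at 1000. ToyDirectory, fetch_all and the offset-style cookie are constructed stand-ins for a real domain controller and client.

```python
PAGED_OID = "1.2.840.113556.1.4.319"  # control OID the client attaches to each search

def ber_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def read_tlv(buf, pos):  # returns (tag, content, next_pos) for the BER element at pos
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def encode_paged_value(size, cookie=b""):
    """realSearchControlValue ::= SEQUENCE { size INTEGER, cookie OCTET STRING }"""
    i = size.to_bytes(size.bit_length() // 8 + 1, "big")
    body = b"\x02" + ber_len(len(i)) + i + b"\x04" + ber_len(len(cookie)) + cookie
    return b"\x30" + ber_len(len(body)) + body

def decode_paged_value(value):
    _, body, _ = read_tlv(value, 0)
    _, size, pos = read_tlv(body, 0)
    _, cookie, _ = read_tlv(body, pos)
    return int.from_bytes(size, "big"), cookie

class ToyDirectory:
    """Hypothetical stand-in for a DC; MaxPageSize stays at the AD default of 1000."""
    def __init__(self, entries, max_page_size=1000):
        self.entries, self.max_page_size = entries, max_page_size
    def search(self, control_value=None):
        if control_value is None:  # unpaged query, as the technote describes
            return self.entries[:self.max_page_size], "sizeLimitExceeded", None
        size, cookie = decode_paged_value(control_value)
        start = int(cookie or b"0")  # real cookies are opaque; an offset is enough here
        end = start + min(size or self.max_page_size, self.max_page_size)
        nxt = str(end).encode() if end < len(self.entries) else b""
        return self.entries[start:end], "success", encode_paged_value(0, nxt)

def fetch_all(directory, page_size=500):
    """Client loop: echo the server's cookie until it comes back empty."""
    results, cookie, round_trips = [], b"", 0
    while True:
        page, _, ctrl = directory.search(encode_paged_value(page_size, cookie))
        results, round_trips = results + page, round_trips + 1
        _, cookie = decode_paged_value(ctrl)
        if not cookie:
            return results, round_trips
```

With 2,500 constructed entries, the unpaged search stops at 1,000 with sizeLimitExceeded, while the paged loop returns all 2,500 without touching the server policy.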


 
