A F -
I'm certain I used code or doco [or a book?] that was authored by Steven
Manross. I ran into the same issue when I promoted a solution from a
development environment to production. Development had < 1000 objects of
interest, production exceeded the limit of 1000 per query. I ended up using
the paged method that Steven mentioned in his post.
My apologies for top-posting.
Here's a sequence of calls that I used to query AD for printQueue objects. In
our environment there's more than 1000.
use constant LDAP_SIZELIMIT => 0;
use constant LDAP_SCOPE => 'sub';
use constant LDAP_FILTER => '(objectCategory=printQueue)';
use constant LDAP_ATTR => 'portName';
use constant PAGE_SIZE => 500;
#
# sub makeBaseDN takes a DNS-style domain and turned it into the X.400 [or is
it X.500] style format.
#
my( $ldapHost, $ID, $PW ) = @_;
my( $ldap ) = Net::LDAP->new( $ldapHost ) or die "$@";
my( $mesg, $page, $cookie, $objCount ) = ( undef, undef, undef, 0 );
my( @args ) = ();
if ( length( $ID ) == 0 || length( $PW ) == 0 ) {
printf $tee "%s: an ID and password must be specified to bind to the LDAP se
exit -1;
}
# bind to a directory with dn and password
# NOTE: bind() method fails if the connection cannot be completed because of n
# failure is "Can't call method "bind" on an undefined value at getPrint
$mesg = $ldap->bind( $ID, password => $PW );
# NOTE: failure occurs here when $ID and/or $PW is incorrect, failure is:
# 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error
$mesg->code && die $mesg->error;
$page = Net::LDAP::Control::Paged->new( size => PAGE_SIZE );
@args = (
Sizelimit => LDAP_SIZELIMIT,
scope => LDAP_SCOPE,
base => &makeBaseDN,
filter => LDAP_FILTER,
attrs => [ LDAP_ATTR ],
control => [ $page ],
);
while( 1 ) {
$mesg = $ldap->search( @args );
last if ( $mesg->code && $mesg->code != 4 );
foreach my $entry ( $mesg->entries ) {
my $dn = $entry->dn();
foreach my $attr ( $entry->attributes ) {
my $value = $entry->get_value( $attr );
$value =~ s/^IP_//;
printf QUE "%s\t%s\n", $value, $dn;
printf IP "%s\n", $value;
}
}
$objCount += $mesg->count;
last unless my( $resp ) = $mesg->control( LDAP_CONTROL_PAGED );
last unless $cookie = $resp->cookie;
$page->cookie( $cookie );
}
if ( $cookie ) {
printf $tee "INFO: query interrupted: %s: %s!\n", $mesg->code, $mesg->error;
$page->cookie( $cookie );
$page->size( 0 );
$ldap->search( @args );
if ( $mesg->count && $objCount == 0 ) {
foreach my $entry ( $mesg->entries ) {
my $dn = $entry->dn();
foreach my $attr ( $entry->attributes ) {
my $value = $entry->get_value( $attr );
$value =~ s/^IP_//;
printf QUE "%s\t%s\n", $value, $dn;
printf IP "%s\n", $value;
}
}
$objCount += $mesg->count;
}
if ( $objCount ) {
# query actually returned something
}
$mesg = $ldap->unbind; # take down session
--
Paul J. Brzezinski
Integration Engineering - GM
HP Enterprise Services
Telephone +1 248.365.9615
Email paul.brzezin...@hp.com<mailto:paul.brzezin...@hp.com>
From: perl-win32-admin-boun...@listserv.activestate.com
[mailto:perl-win32-admin-boun...@listserv.activestate.com] On Behalf Of A F
Sent: Thursday, March 17, 2011 2:54 PM
To: Steven Manross; perl-win32-admin@listserv.ActiveState.com
Subject: Re: LDAP query limit in AD?
Even with that it only give me 1000. the recordcount seems to be always 1000
with any kind of filter I put.
In my previous example I was expecting 1600+ users that have manager.
________________________________
From: Steven Manross <ste...@manross.net>
To: A F <perl95...@yahoo.com>; perl-win32-admin@listserv.ActiveState.com
Sent: Wed, March 16, 2011 11:34:17 PM
Subject: RE: LDAP query limit in AD?
Your code should pull all the users with a specified manager.
While there is a limit of 1000 objects that AD will pull back in an AD
query, we've written a paged query ( $Cmd->{Properties}->{"Page Size"}
= 99), to get around that limitation so I would start by modifying your
query to change:
(&(objectclass=User)(manager=*))
To:
(objectclass=User)
And note the differences of results.. I am guessing that will show your
missing 1000+ users.
HTH
Steven
________________________________
From: A F [mailto:perl95...@yahoo.com<mailto:perl95...@yahoo.com>]
Sent: Wednesday, March 16, 2011 11:09 PM
To: Steven Manross;
perl-win32-admin@listserv.ActiveState.com<mailto:perl-win32-admin@listserv.ActiveState.com>
Subject: LDAP query limit in AD?
Is there a limit on the number of record when doing a AD query
with LDAP?
I am getting only 1000 records from this script. We have more
than 2000+ users in our AD.
Any idea how to increase the limit to get everything?
use Win32::OLE;
my $RootDSE = Win32::OLE->GetObject("LDAP://RootDSE");
$dc = $RootDSE->Get("DnsHostName");
print "$dc\n";
query_ldap("<LDAP://" . $dc .
">;(&(objectclass=User)(manager=*));displayname,distinguishedname;subtre
e",$objects);
print "recordcount = ".$objects->{RecordCount}."\n";
while (!$objects->{EOF}) {
getattributes($dc,$objects->Fields("distinguishedname")->{Value});
$objects->MoveNext();
}
sub query_ldap {
my $ldap_query = $_[0];
my $error_num;
my $error_name;
my $RS;
my $Conn = Win32::OLE->new("ADODB.Connection");
if (Win32::OLE->LastError() != 0) {
print "Failed creating ADODB.Connection object
(".Win32::OLE->LastError().")\n -> $ldap_query\n";
return 0;
}
$Conn->{'Provider'} = "ADsDSOObject";
if (Win32::OLE->LastError() != 0) {
print "Failed setting ADODB.Command Provider
(".Win32::OLE->LastError().")\n -> $ldap_query\n";
return 0;
}
$Conn->{Open} = "Perl Active Directory Query";
my $Cmd = Win32::OLE->new("ADODB.Command");
if (Win32::OLE->LastError() != 0) {
print "Failed creating ADODB.Command object
(".Win32::OLE->LastError().")\n -> $ldap_query\n";
return 0;
}
$Cmd->{CommandText} = $ldap_query;
$Cmd->{Properties}->{"Page Size"} = 99;
$Cmd->{ActiveConnection} = $Conn;
$RS = $Cmd->Execute();
if (Win32::OLE->LastError() != 0) {
print "Failed Executing ADODB Command object
(".Win32::OLE->LastError().")\nExecuting ADODB Command ->
$ldap_query\n";
return 0;
} else {
$_[1] = $RS;
return 1;
}
}
sub getattributes {
my $dc = $_[0];
my $dn = $_[1];
my $adsuser = Win32::OLE->GetObject("LDAP://$dc/$dn") || die
("Can't find user: ".Win32::OLE->LastError()."\n");
print "$adsuser->{cn}\t";
print "$adsuser->{EmailAddress}\t";
print "$adsuser->{department}\t";
print "$adsuser->{PhysicalDeliveryOfficeName}\t";
print " Manager: $adsuser->{Manager}\n";
}
_______________________________________________
Perl-Win32-Admin mailing list
Perl-Win32-Admin@listserv.ActiveState.com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
