On 24-Sep-2002/15:01 +0100, John Horne <[EMAIL PROTECTED]> wrote:
>We have a Microsoft windows server running ldap, and I am trying to
>obtain a list of all the users in the ldap server. There are about 20,000
>in total. I can retrieve about 1000 using 'ldapsearch'. I'm trying this
>from a redhat 7.0 pc, a Solaris 9 Sun system (which has openldap on it),
>and a redhat 7.2 system.

The best way would be to get the LDAP server administrator to dump the
data in LDIF format.

The next best way would probably be to use Outlook and Outlook Express to
download and export the GAL. See my Linux Gazette Answer Gang response
here:

  http://www.linuxgazette.com/issue70/tag/8.html

>The problem is I know little about ldap as such and have no dealing with
>the server. I gather there is a limit imposed of returning 1000 records
>(a 'page' I am told) each time. My question though is how do I tell
>ldapsearch to 'get the next 1000 records', so that I can create a loop
>and retrieve all the records?

There is no straightforward way to do this. You can create a shell script
that runs a query for each letter of the alphabet, but if any query
results in more than 1000 entries, you'll have to run a second loop for 26
variations of that letter. Assuming your ~/.ldaprc file has the basic
hostname and searchbase options set, the queries could be put in a shell
script that looks like this:

#!/bin/sh
for letter in a b c d e f g h i j k l m n o p q r s t u v w x y z; do
  ldapsearch -x -LLL "sn=$letter*" >> userlist.ldif
done

Then if any result was more than 1000 entries (the letter "s" is a likely
suspect) then you'd do something similar, just for that letter:

#!/bin/sh
for letter in sa sb sc sd se sf sg sh si sj sk sl sm sn so sp sq sr\
  ss st su sv sw sx sy sz; do
  ldapsearch -x -LLL "sn=$letter*" >> userlist.ldif
done


The backslash (\) tells the shell that the command is continued on the
next line. Just make sure there is no space or tab after the backslash. It
has to be the last character on the line. This method is a brute-force
kludge, and it has the potential to be tedious, but it will work.

Tony
-- 
Anthony E. Greene <mailto:[EMAIL PROTECTED]>
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26  C484 A42A 60DD 6C94 239D
AOL/Yahoo Chat: TonyG05      HomePage: <http://www.pobox.com/~agreene/>
Linux: the choice of a GNU Generation. <http://www.linux.org/>
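
The per-letter loops in the message above, written as one recursive script. This is an added example, not part of the original post. It goes beyond the original by also querying the "residue" of a split prefix (sn equal to the prefix itself, or the prefix followed by a non-letter), which the two-letter loop would miss. The function names, the LIMIT variable and the truncation check by counting `dn:` lines are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes ~/.ldaprc supplies
# the host and search base, as the scripts above do.
LIMIT=${LIMIT:-1000}   # per-query cap described in the thread
ALPHABET="a b c d e f g h i j k l m n o p q r s t u v w x y z"

# One query, same ldapsearch options as the original scripts.
run_search() {
  ldapsearch -x -LLL "$1"
}

# Number of entries in an LDIF text (each entry has one dn: line).
count_dn() { printf '%s\n' "$1" | grep -c '^dn:' || true; }

# Filter for what the longer prefixes cannot match: sn equal to PREFIX
# itself, or PREFIX followed by a non-letter (space, hyphen, apostrophe).
residue_filter() {
  f="(&(sn=$1*)"
  for c in $ALPHABET; do f="$f(!(sn=$1$c*))"; done
  printf '%s)\n' "$f"
}

# Print every entry whose sn starts with PREFIX, splitting when capped.
dump_prefix() {
  out=$(run_search "(sn=$1*)") || true   # capped queries may exit non-zero
  n=$(count_dn "$out")
  if [ "$n" -lt "$LIMIT" ]; then
    [ "$n" -eq 0 ] || printf '%s\n\n' "$out"
    return 0
  fi
  echo "sn=$1*: $n entries, at the cap; splitting" >&2
  for c in $ALPHABET; do dump_prefix "$1$c"; done
  out=$(run_search "$(residue_filter "$1")") || true
  n=$(count_dn "$out")
  [ "$n" -lt "$LIMIT" ] || echo "sn=$1* residue is capped, incomplete" >&2
  [ "$n" -eq 0 ] || printf '%s\n\n' "$out"
}

# Run only when an output file is named: sh dump-sn.sh userlist.ldif
if [ "$#" -gt 0 ]; then
  for c in $ALPHABET; do dump_prefix "$c"; done > "$1"
fi
```

As with the original loops, entries that have no sn, or whose sn begins with something other than a letter, are not covered by the top-level a to z pass.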

-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list