Question

We are currently in the process of migrating from an aged proprietary directory service to OpenLDAP. Today we ran into the problem that ldap_search_ext_s, or ldapsearch in general, does not return any results if the number of entries that were to be returned by the current search would hit a certain limit.

Unfortunately, setting the size limit higher in the LDAP server configuration might just postpone the problem, as we have a really big database and our update mechanism, which runs every morning, has to perform huge queries.

In the MSDN documentation I noticed that there is a mechanism to perform a paged search, which would allow me to get around the size limitation. Apparently this is also specified in an RFC draft from 1996 but hasn't been finalized (yet)?

Anyway, since I'm not working on a Windows-Box I have to use the OpenLDAP API, which doesn't seem to provide that mechanism (at least I couldn't find it on their search page).

Which brings me to my question: Do you have an idea what I could do, to solve that problem in an elegant manner?

Thanks for your help!

Solution

OpenLDAP supports paged result retrieval via ldap_create_page_control() and friends. Here is a description and sample code. If that doesn't help I may be able to provide excerpts from production code.
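What the paged results control carries on the wire, as an added example that is not part of the original answers: RFC 2696 defines the control value as a BER SEQUENCE of the requested page size and an opaque cookie, which the client must echo back unchanged to get the next page. The function names `paged_encode` and `paged_decode` are hypothetical, and the sketch assumes short-form BER lengths only (page size up to 32767, cookie up to 100 bytes).

```c
#include <stdio.h>
#include <string.h>
#define PAGED_RESULTS_OID "1.2.840.113556.1.4.319" /* RFC 2696 control OID */

/* Encode SEQUENCE { size INTEGER, cookie OCTET STRING }, short-form lengths
 * only. Returns bytes written, or 0 on bad input or a short buffer. */
size_t paged_encode(unsigned size, const unsigned char *cookie, size_t clen,
                    unsigned char *out, size_t cap)
{
    unsigned char ib[2];
    size_t ilen = 0, body, p;
    if (size > 32767 || clen > 100) return 0;
    if (size > 127) ib[ilen++] = (unsigned char)(size >> 8);
    ib[ilen++] = (unsigned char)(size & 0xff);
    body = 2 + ilen + 2 + clen;
    if (cap < 2 + body) return 0;
    out[0] = 0x30; out[1] = (unsigned char)body;     /* SEQUENCE */
    out[2] = 0x02; out[3] = (unsigned char)ilen;     /* INTEGER size */
    memcpy(out + 4, ib, ilen);
    p = 4 + ilen;
    out[p] = 0x04; out[p + 1] = (unsigned char)clen; /* OCTET STRING cookie */
    if (clen) memcpy(out + p + 2, cookie, clen);
    return 2 + body;
}

/* Decode a control value; -1 if malformed. *cookie points into buf, and
 * *clen == 0 in a server response means the last page has been returned. */
int paged_decode(const unsigned char *buf, size_t len, unsigned *size,
                 const unsigned char **cookie, size_t *clen)
{
    size_t ilen, p, i;
    unsigned v = 0;
    if (len < 7 || buf[0] != 0x30 || buf[1] > 0x7f || buf[1] + 2u != len) return -1;
    ilen = buf[3];
    if (buf[2] != 0x02 || ilen < 1 || ilen > 4 || 4 + ilen + 2 > len || (buf[4] & 0x80)) return -1;
    for (i = 0; i < ilen; i++) v = (v << 8) | buf[4 + i];
    p = 4 + ilen;
    if (buf[p] != 0x04 || buf[p + 1] > 0x7f || p + 2 + buf[p + 1] != len) return -1;
    *size = v; *cookie = buf + p + 2; *clen = buf[p + 1];
    return 0;
}

int main(void)
{
    unsigned char v[16];
    size_t i, n = paged_encode(100, NULL, 0, v, sizeof v); /* first request */
    for (i = 0; i < n; i++) printf("%02x ", v[i]);
    puts("<- control value sent with OID " PAGED_RESULTS_OID);
    return 0;
}
```

The first request always carries an empty cookie; a client loops until the server's response control comes back with an empty cookie as well.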

OTHER TIPS

I had an issue using ldap_create_page_control with ldap_search_ext_s: my LDAP library implementation was using LDAP version 2 by default, and it looks like it's supported for version 3+. It was returning "Not supported" from ldap_search_ext_s() before I set LDAP to version 3.

I was able to get around the size limitation using ldap_control_paged_result.

ldap_control_paged_result is used to enable LDAP pagination by sending the pagination control. The function below worked perfectly in my case.

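    // Note: ldap_control_paged_result() and ldap_control_paged_result_response()
    // were deprecated in PHP 7.4 and removed in PHP 8.0.
    function retrieves_users($conn)
    {
        $dn        = 'ou=,dc=,dc=';
        $filter    = "(&(objectClass=user)(objectCategory=person)(sn=*))";
        $justthese = array(); // empty array: return all attributes

        // Initialise the result so an empty directory returns an empty list.
        $data = array('usersLdap' => array());

        // Enable pagination with a page size of 100.
        $pageSize = 100;

        // An empty cookie asks the server for the first page.
        $cookie = '';

        do {
            // Attach the paged results control (critical) to the next search.
            ldap_control_paged_result($conn, $pageSize, true, $cookie);

            $result = ldap_search($conn, $dn, $filter, $justthese);
            if ($result === false) {
                break; // search failed; stop instead of looping on a stale cookie
            }
            $entries = ldap_get_entries($conn, $result);

            if (!empty($entries)) {
                for ($i = 0; $i < $entries["count"]; $i++) {
                    $data['usersLdap'][] = array(
                            'name' => $entries[$i]["cn"][0],
                            'username' => $entries[$i]["userprincipalname"][0]
                    );
                }
            }
            // Read the cookie for the next page; it is empty after the last page.
            ldap_control_paged_result_response($conn, $result, $cookie);

        } while ($cookie !== null && $cookie != '');

        return $data;
    }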

Use AD or Novell's eDirectory? ;)

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow