Alex Davies
2009-Jun-01 16:13 UTC
[389-users] Active Directory Chaining - Search Filters fail
Hi. I have setup a FDS server to chain a AD server, following instructions at http://directory.fedoraproject.org/wiki/Howto:ChainToAD If I ldapsearch the server, I get the first 1000 items back - regardless of the search filter I specify: ldapsearch -x localhost -b "dc=acme,dc=local" "(uid=alexd)" ... lots of output (look fine) # search result search: 2 result: 4 Size limit exceeded # numResponses: 1005 # numEntries: 1000 # numReferences: 4 Search bases work, so if I specify a OU that has < 1000 members everything works. There are no errors in the error log, although the graphical view of dc=acme,dc=local does not work in the console (big red "X" and a null error message when I double click). Any pointers would be much appreciated! Many thanks, Alex
Michael Ströder
2009-Jun-02 11:58 UTC
Re: [389-users] Active Directory Chaining - Search Filters fail
Alex Davies wrote:> > I have setup a FDS server to chain a AD server, following instructions > at http://directory.fedoraproject.org/wiki/Howto:ChainToAD > > If I ldapsearch the server, I get the first 1000 items back - > regardless of the search filter I specify:That''s the normal behaviour of MS AD to return only 1000 entries for a normal search request. With AD you can get around that limit by using simple paged results. But I doubt that this is supported with chaining. Ciao, Michael.