[baccord35]

Our AD guys (WinSrv2003) are disputing Checkpoint's own explanation;
there are limits on server resources available to clients equesting LDAP queries, query policy is stored as a multivalue attribute (LDAPAdminLimits) configurable at server level; the default MaxValRange is (funnily enough) = 1500 whereas if the MaxPageSize (default value = 1000 NOT 1500) is the issue then the client can/should ask for paged results, which are supported by AD default query policy. They don't want to dramatically increase the MaxValRange suggesting CP use paged results, we suspect CP doesn't do paged results, we have tried to confirm with CP but having initially given us a confident answer now they are not talking to us...maybe trying to remember how their product works?
Anyone else have experience in this specialised area?