LDAP MAX 1000 query problem

prdehoop · #1 (**permalink**) 2007-01-15

Hello,

We wan't to connect the new integrity server in our windows 2000 AD, and import the users on specified times. but we have the problem dat there are moren then 14000 User accounts, and the integrity qeury doesn't support that ??

Is there a way to resolve this import and NOT do anything with ntdsutils on the server AD side ?

Thanxs

Patrick

betski · #2 (**permalink**) 2007-01-15

Hi Patrick

The 1000 user limit is imposed by the AD Domain Controller, it isn't an Integrity setting. You have to use ntdsutil.exe or apply a script using 'ldifde' to the local DC on which the query results must be increased.

prdehoop · #3 (**permalink**) 2007-01-16

Quote:

Originally Posted by betski

Hi Patrick

The 1000 user limit is imposed by the AD Domain Controller, it isn't an Integrity setting. You have to use ntdsutil.exe or apply a script using 'ldifde' to the local DC on which the query results must be increased.

the problem is that a change on the AD is not something we wan't, so thats why the question is there a way to let Integrity do a split in the query to do more queries and resume with 1001 with the next ?

CSING · #4 (**permalink**) 2007-06-26

Use foxfire not iexplore for AD imports.

CSING · #5 (**permalink**) 2007-08-01

Internet Explorer (6.x) limits to 3000 the number of groups you can import into an NTDomain, LDAP, or RADIUS catalog on Integrity Advanced Server. To import more than 3000 groups, use another of the supported browsers. Mozilla Firefox is the only compatible browser that accommodates imports of more than 10,000 groups. Note that, for very large imports, the import page may take up to ten minutes to display all imported groups. When importing groups with a browser other than Internet Explorer, users may get a warning asking whether to abort the long-running javascript routine. Users should close the dialog box or choose to continue running javascript. For Firefox, you can suppress this message by typing about:config in the address bar, finding the entry for dom.max_script_run_time, and setting the number to 60 (on new computers) or 120 (on older computers).

baccord35 · #6 (**permalink**) 2008-02-14

How was this resolved?
It looks the same as our max 1500 LDAP group membership (the >1000 default in Win2000 is increased to >1500 in Win2003).
CP doesn't read multiple pages so either the attribute is dramatically increased or group membership has to be redesigned to keep numbers below 1500.

prdehoop · #7 (**permalink**) 2008-09-01

We solved this by installing Firefox on the machine.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode