[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: WGM search for AD Users/Groups & 1000 record limit

Subject: Re: WGM search for AD Users/Groups & 1000 record limit
From: "Ryan S. Johnston" <email@hidden>
Date: Thu, 29 May 2008 11:26:17 -0500
Delivered-to: email@hidden
Delivered-to: email@hidden
User-agent: Thunderbird 2.0.0.14 (Macintosh/20080421)

I feel your pain. This is a gripe I've had with WGM for a while now. There are scripts available in the wild and the dscl command that can help you achieve this from the command line. I've done it with 10.4 not sure if much has changed in 10.5. afp548.com is a good resource to check out for information on this. However I do wish WGM performed a little better, in our distributed environment I have admins that won't even consider using the system if they can't use the GUI. :-(


Ryan S. Johnston
CISS Systems
Illinois State University
Julian Hall 153
Campus Box 3430
Normal, IL 61790
309.438.3919

Pepijn Bruienne wrote:

All,
I'm trying to find a workaround for the standard 1000 record limit AD imposes on LDAP searches as performed by WGM as I trudge along the path to implementing the sacred Golden Triangle. My XServe is running a freshly installed and updated 10.5.3 as of this morning but this particular issue has been around since 10.5 and probably before that.

As most of you know AD out of the box has a self-imposed 1000-record limit per page for any search, as defined by MaxPageSize. My AD admins have already made it clear they are not willing to up the default MaxPageSize number so I must come up with something on my end. This wouldn't be as big a deal if WGM would either implement paging or perform a fresh search on the entire LDAP DB with my fairly narrowly defined query which in my particular case is "all groups that have 'Mac' in their name" which when run in the "AD Users and Groups" tool on Windows returns less than 50 records. Instead WGM seems to pull a random 1000 records on which it then appears to perform the search. I say "appears" since typically none or only a few of the records I am looking for are among this 1000-record range when manually scanning through the list and thus searches come up mostly empty or incomplete. Has anyone figured out a way to either have WGM perform a "fresh" search or better, come up with a way to implement paging as supported by AD? I am not going to be able to add all my needed AD users and groups to their appropriate OD groups if I can't pull them up using the WGM search, unless there is a manual method of adding AD users to OD groups by GUID or somesuch. Any insight would be much appreciated.
TIA,
Pepijn.
---
Pepijn Bruienne
Mac OS X Systems Administrator
email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden
This email sent to email@hidden

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden

This email sent to email@hidden

Follow-Ups:
- Re: WGM search for AD Users/Groups & 1000 record limit
  - From: Pepijn Bruienne <email@hidden>

References:
	>WGM search for AD Users/Groups & 1000 record limit (From: Pepijn Bruienne <email@hidden>)

Prev by Date: Re: DSLDAPv3PlugInConfig.plist is not updating
Next by Date: Re: Typical setup for a mail server with different host and mail domain names?
Previous by thread: WGM search for AD Users/Groups & 1000 record limit
Next by thread: Re: WGM search for AD Users/Groups & 1000 record limit
Index(es):
- Date
- Thread

Home